GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-06-04 13:23:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 rev. 931,51GB
Running: 81sypk8v.exe; Driver: C:\Users\UKASZ~1\AppData\Local\Temp\ugrdipoc.sys

---- User code sections - GMER 2.2 ----
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, D4, 24, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, AA, 38, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 40, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, D6, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 32, 41, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, B6, 45, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 82, 3B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 74, 43, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 70, 3F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 6C, 3A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, DE, 42, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, AE, 3C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 44, 3E, F2, FF, FF, ...] 
.text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] 
.text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] 
.text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 2C, 27, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, C2, 27, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 58, 28, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 18, 3C, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 5E, 42, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 96, 26, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] 
.text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 74, 43, F2, FF, FF, 07] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 44, 3D, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, DA, 3E, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, FC, 4A, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, 66, 4A, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, EA, 4D, F2, FF, FF, 07, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 0E, 48, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\system32\igfxCUIService.exe[1940] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, D4, 24, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, AA, 38, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 40, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, D6, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 32, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, B6, 45, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 82, 3B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 74, 43, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 70, 3F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 6C, 3A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, DE, 42, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, AE, 3C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 44, 3E, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, FC, 4A, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, E2, 46, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, 3A, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, A4, 48, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, 0E, 48, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, BE, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2112] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, 28, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] 
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] 
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] 
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] 
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 6A, 25, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 40, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, D6, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 6C, 3A, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 18, 3C, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 5E, 42, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 02, 3B, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 74, 43, F2, FF, FF, 07] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 44, 3D, F2, FF, FF, ...] .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, DA, 3E, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] 
.text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, A2, 0B, F2, FF, FF, 07] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 6C, 14, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, CE, 0C, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 1C, 19, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, DE, 1A, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] 
.text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 02, 15, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, D6, 13, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 64, 0D, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 86, 18, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, FA, 0D, F2, FF, FF, ...] 
.text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, BC, 0F, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 52, 10, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, 26, 0F, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] 
.text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, C4, 16, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 14, 12, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 6A, 27, F2, FF, FF, 07, ...] 
.text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 92, 24, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 16, 29, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, E2, 1E, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 28, 25, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, D4, 26, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 00, 28, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, D0, 22, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, A0, 1C, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, FC, 23, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 3E, 26, F2, FF, FF, 07] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 66, 23, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 0E, 20, F2, FF, FF, ...] 
.text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, A4, 21, F2, FF, FF, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 36, 1D, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 8C, 33, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 22, 34, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, B8, 34, F2, FF, FF, 07, ...] .text C:\Windows\Explorer.EXE[2288] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, E4, 35, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] 
.text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] 
.text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 96, 26, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 2C, 27, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, C2, 27, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 18, 3C, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 5E, 42, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 02, 3B, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] 
.text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 74, 43, F2, FF, FF, 07] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 44, 3D, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2340] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, DA, 3E, F2, FF, FF, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] 
C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 
000000007ef207ee .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 
000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] 
C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a96 .text 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20ba6 
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2424] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 
0000000075370179 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 
000000007ef20436 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files 
(x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files 
(x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files 
(x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] 
C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes 
JMP 000000007ef20f5e .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20b1e .text C:\Program 
Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\Program Files 
(x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20cfa .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] 
.text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] 
.text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] 
.text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 96, 26, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 2C, 27, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, C2, 27, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 18, 3C, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 5E, 42, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 02, 3B, F2, FF, FF, 07, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 74, 43, F2, FF, FF, 07] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 44, 3D, F2, FF, FF, ...] .text C:\Windows\system32\taskeng.exe[2524] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, DA, 3E, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, D4, 24, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, AA, 38, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 40, 39, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, D6, 39, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 32, 41, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, B6, 45, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 82, 3B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 74, 43, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 70, 3F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 6C, 3A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, DE, 42, F2, FF, FF, 07] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, AE, 3C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 44, 3E, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] c:\windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fef67e22d0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] c:\windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fef67e45f0 12 bytes [48, B8, E2, 46, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] c:\windows\system32\WINHTTP.dll!WinHttpConnect 000007fef67f3e68 12 bytes [48, B8, 0E, 48, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, BE, 4C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, 28, 4C, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, AC, 4F, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, D0, 49, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, 3A, 49, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, FC, 4A, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, EA, 4D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, 16, 4F, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, 80, 4E, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[2624] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8 000007fefc5e56e0 12 bytes [48, B8, 04, 52, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\System32\DNSAPI.dll!DnsQuery_W 000007fefc5f010c 12 bytes [48, B8, 6E, 51, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2624] C:\Windows\System32\DNSAPI.dll!DnsQuery_A 000007fefc60daa0 12 bytes [48, B8, D8, 50, F2, FF, FF, ...] .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000774df938 5 bytes JMP 000000007ef20a0e .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef20898 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209a8 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef209ec .text 
C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20854 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208ba .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20876 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes 
JMP 000000007ef20722 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef20986 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ca .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text 
C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Windows\SysWOW64\svchost.exe[2676] 
C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 
0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208dc .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20810 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20832 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20920 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20942 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef208fe .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20964 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a52 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20a96 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20a74 .text 
C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cfa .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20cb6 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d60 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20dc6 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b62 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cd8 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20da4 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d3e .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d82 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b40 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c50 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c94 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20bc8 .text C:\Windows\SysWOW64\svchost.exe[2676] 
C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20bea .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d1c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c0c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c2e .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b84 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20ba6 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c72 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20ada .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef211a0 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef211c2 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef211e4 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef210f6 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20e70 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e4e .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!SetWindowLongW 
0000000076ef8332 5 bytes JMP 000000007ef2113a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f1a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef21090 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20afc .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef210d4 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f3c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e2c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef2104c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef2106e .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20eb4 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20f5e .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef2102a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20ef8 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef210b2 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20e92 .text C:\Windows\SysWOW64\svchost.exe[2676] 
C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef21118 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20ed6 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e0a .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef2117e .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef21008 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20de8 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef20fa2 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20f80 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef20fc4 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef20fe6 .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef2115c .text C:\Windows\SysWOW64\svchost.exe[2676] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21206 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, F6, 31, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 1E, 2F, F2, FF, FF, 07, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, A2, 33, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 6E, 29, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, B4, 2F, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 60, 31, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 8C, 32, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 5C, 2D, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 6A, 25, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 88, 2E, F2, FF, FF, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, CA, 30, F2, FF, FF, 07] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, F2, 2D, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 9A, 2A, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 30, 2C, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, E2, 46, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 78, 47, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 0E, 48, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, BE, 4C, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, 28, 4C, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, AC, 4F, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, D0, 49, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, 3A, 49, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, FC, 4A, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, EA, 4D, F2, FF, FF, 07, ...] 
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, 16, 4F, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, 80, 4E, F2, FF, FF, 07, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fef67e22d0 12 bytes [48, B8, D8, 50, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fef67e45f0 12 bytes [48, B8, 42, 50, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2748] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fef67f3e68 12 bytes [48, B8, 6E, 51, F2, FF, FF, ...] .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 
000000007ef203f2 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] 
C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\MSI\Command 
Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 
bytes JMP 000000007ef20238 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] 
C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text 
C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 
000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] 
C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\MSI\Command 
Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 
5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] 
C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c94 .text C:\Program 
Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe[2940] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 
00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\MSI\Command 
Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 
0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\MSI\Command 
Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 
000000007ef206bc .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] 
C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\MSI\Command 
Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e70 .text C:\Program Files 
(x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\GDI32.dll!NamedEscape 
0000000076d4421d 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] 
C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20c0c .text 
C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef213e2 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef212f4 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef21426 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef21316 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef21448 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\MSI\Command 
Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef21404 .text C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe[3004] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef2137c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 00000000774df900 5 bytes JMP 000000007ef20942 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000774df938 5 bytes JMP 000000007ef20a74 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20722 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208dc .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 5 bytes JMP 000000007ef20678 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef20a0e .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef20414 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20656 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 
000000007ef20a52 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203d0 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20458 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20898 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20832 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20436 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2038c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20348 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208fe .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef2014a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201d2 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 5 bytes JMP 000000007ef208ba .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 
00000000774e0824 5 bytes JMP 000000007ef2036a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20326 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20744 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209ec .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef20612 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203f2 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20766 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2049c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef2047a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a96 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200e4 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef20a30 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2018e .text C:\MSI\MSI 
SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20634 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2016c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef20106 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202e2 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef2025a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef203ae .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef20810 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207cc .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2027c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef20700 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef207aa .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207ee .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] 
C:\Windows\syswow64\KERNEL32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef202c0 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef2058a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef205ac .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ce .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205f0 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200c2 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20568 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef20502 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201f4 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20128 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20788 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20546 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20524 .text 
C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef200a0 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20238 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef206bc .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef2069a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206de .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2007e .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef204be .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef201b0 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef20920 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef20216 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204e0 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef20304 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] 
C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20854 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20876 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20986 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef209a8 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20964 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2029e .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef209ca .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cfa .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20cb6 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d60 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20dc6 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b62 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cd8 .text 
C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20da4 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d3e .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d82 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b40 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c50 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c94 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20bc8 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20bea .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d1c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c0c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c2e .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] 
C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b84 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20ba6 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c72 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20ada .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20de8 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef211e4 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef21206 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef21228 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2113a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20eb4 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e92 .text C:\MSI\MSI 
SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef2117e .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f5e .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210d4 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20e0a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef21118 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f80 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e70 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef21090 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210b2 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20ef8 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fa2 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef2106e .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 
000000007ef20f3c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef210f6 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ed6 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2115c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f1a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e4e .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211c2 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2104c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e2c .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef20fe6 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fc4 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef21008 .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2102a .text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] 
C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211a0
.text C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe[2416] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef2126c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 00000000774df900 5 bytes JMP 000000007ef20920
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000774df938 5 bytes JMP 000000007ef20a52
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e}
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ec
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a30
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07]
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07]
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209ca
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a74
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef20a0e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20964
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20986
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20942
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef209a8
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef211a0
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20f1a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20ef8
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211e4
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20fc4
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef2113a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a96
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2117e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fe6
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20ed6
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210f6
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef21118
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f5e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef21008
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef210d4
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 1 byte JMP 000000007ef20fa2
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx + 2 0000000076f0392f 3 bytes {JMP 0x801d675}
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef2115c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20f3c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef211c2
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f80
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20eb4
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef21228
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef210b2
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e92
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef2104c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef2102a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2106e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef21090
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef21206
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20ab8
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20b84
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20ba6
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20bc8
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20ada
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b62
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20b40
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20da4
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20d60
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20e0a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20e70
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20c0c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20d82
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20e4e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20de8
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20e2c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20bea
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20cfa
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20afc
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20d3e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20c72
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c94
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20dc6
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20cb6
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20cd8
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20c2e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20c50
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20d1c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef2124a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef2137c
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef2135a
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef2139e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef212b0
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef212f4
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef213e2
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef212d2
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef2128e
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef21404
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef21316
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef213c0
.text C:\MSI\MSIRegister\MSIRegisterService.exe[2804] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef21338
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e}
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07]
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07]
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cd8
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20c94
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d3e
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20da4
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b40
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cb6
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20d82
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d1c
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d60
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b1e
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c2e
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a52
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c72
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20ba6
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20bc8
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20cfa
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20bea
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c0c
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b62
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20b84
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c50
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a74
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20afc
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20ada
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2113a
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20eb4
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e92
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef2117e
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f5e
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210d4
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a96
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef21118
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f80
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e70
.text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes
JMP 000000007ef21090 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\MSI\Fast 
Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe[2560] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\MSI\Live 
Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 
00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] 
C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 
000000007ef20612 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\MSI\Live 
Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 
000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\MSI\Live 
Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes 
JMP 000000007ef20afc .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\MSI\Live 
Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] 
C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f3c .text C:\Program Files 
(x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 
000000007ef20e0a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef21316 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] 
C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef2124a .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef2137c .text C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe[3100] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef212f4 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 00000000774df900 5 bytes JMP 000000007ef20920 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000774df938 5 bytes JMP 000000007ef20a52 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 
bytes JMP 000000007ef20700 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ec .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a30 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\MSI\MSI 
SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 
bytes JMP 000000007ef20722 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209ca .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a74 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef20a0e .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\MSI\MSI 
SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] 
C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 
0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\MSI\MSI 
SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20964 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20986 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20942 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef209a8 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20d1c .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20cd8 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d82 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20de8 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b84 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cfa .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20dc6 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] 
C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d60 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20da4 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b62 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c72 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a96 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20cb6 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20bea .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c0c .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d3e .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c2e .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c50 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20ba6 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 
0000000076c633d4 5 bytes JMP 000000007ef20bc8 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c94 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20ab8 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b40 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20b1e .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2117e .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ef8 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20ed6 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211c2 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20fa2 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef21118 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20ada .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2115c .text C:\MSI\MSI 
SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fc4 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20eb4 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210d4 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210f6 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f3c .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fe6 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef210b2 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f80 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef2113a .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20f1a .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef211a0 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f5e .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 
0000000076f081f5 5 bytes JMP 000000007ef20e92 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef21206 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef21090 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e70 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef2102a .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef21008 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2104c .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2106e .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211e4 .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20afc .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20e0a .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20e2c .text C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe[3148] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20e4e .text 
C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 00000000774df900 5 bytes JMP 000000007ef20920 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000774df938 5 bytes JMP 000000007ef20a52 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ec .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a30 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 
000000007ef203ae .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 
.text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209ca .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a74 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef20a0e .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 
0000000077568757 5 bytes JMP 000000007ef20612 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] 
C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\MSI\MSI 
SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 
000000007ef20854 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20964 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20986 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20942 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef209a8 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef211a0 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20f1a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20ef8 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211e4 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20fc4 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef2113a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a96 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 
bytes JMP 000000007ef2117e .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fe6 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20ed6 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210f6 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef21118 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f5e .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef21008 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef210d4 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 1 byte JMP 000000007ef20fa2 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx + 2 0000000076f0392f 3 bytes {JMP 0x801d675} .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef2115c .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20f3c .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef211c2 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 
000000007ef20f80 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20eb4 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef21228 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef210b2 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e92 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef2104c .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef2102a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2106e .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef21090 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef21206 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20ab8 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20b84 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20ba6 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] 
C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20bc8 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20ada .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b62 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20b40 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20da4 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20d60 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20e0a .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20e70 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20c0c .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20d82 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20e4e .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20de8 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20e2c .text C:\MSI\MSI 
SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20bea .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20cfa .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20afc .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20d3e .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20c72 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c94 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20dc6 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20cb6 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20cd8 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20c2e .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20c50 .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20d1c .text C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe[3188] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 
bytes JMP 000000007ef2124a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 00000000774df900 5 bytes JMP 000000007ef20920 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000774df938 5 bytes JMP 000000007ef20a52 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ec .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a30 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] 
C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\MSI\MSI 
SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209ca .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a74 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef20a0e .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 
000000007752005b 5 bytes JMP 000000007ef2016c .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\MSI\MSI 
SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 
00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\MSI\MSI 
SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20964 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20986 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20942 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef209a8 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20d1c .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20cd8 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d82 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20de8 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b84 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 
0000000076c2de94 5 bytes JMP 000000007ef20cfa .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20dc6 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d60 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20da4 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b62 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c72 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a96 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20cb6 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20bea .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c0c .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d3e .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c2e .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c50 .text C:\MSI\MSI 
SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20ba6 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20bc8 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c94 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20ab8 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b40 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20b1e .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2117e .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ef8 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20ed6 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211c2 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20fa2 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef21118 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 
000000007ef20ada .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2115c .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fc4 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20eb4 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210d4 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210f6 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f3c .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fe6 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef210b2 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f80 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef2113a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20f1a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef211a0 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 
bytes JMP 000000007ef20f5e .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e92 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef21206 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef21090 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e70 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef2102a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef21008 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2104c .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2106e .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211e4 .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20afc .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20e0a .text C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20e2c .text C:\MSI\MSI 
SUITE\FastBoot\SuiteFastBootService.exe[3232] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\MSI\Super 
Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] 
C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\MSI\Super 
Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files 
(x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files 
(x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d3e .text C:\Program Files 
(x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20bc8 .text C:\Program Files 
(x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20ada .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\MSI\Super 
Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] 
C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] 
C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[3264] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files 
(x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20656 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef2014a .text 
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef2047a .text 
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] 
C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20568 .text C:\Program Files 
(x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 
000000007ef2007e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 
000000007708c8a8 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] 
C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a96 .text C:\Program Files 
(x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20ada .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 1 byte JMP 000000007ef20ab8 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\msvcrt.dll!__p__environ + 2 000000007653e6d1 3 bytes {JMP 0x89e23e9} .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f1a .text C:\Program Files 
(x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef210b2 .text C:\Program Files 
(x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 
000000007ef2115c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21228 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef2137c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef213e2 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef212f4 .text C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef2139e .text C:\Program Files 
(x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[3296] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef21316 .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 6A, 25, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 2C, 27, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, C2, 27, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 58, 28, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 18, 3C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 5E, 42, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 74, 43, F2, FF, FF, 07] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 44, 3D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, DA, 3E, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, FC, 4A, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, E2, 46, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, 3A, 49, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, A4, 48, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, 0E, 48, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, BE, 4C, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3364] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, 28, 4C, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, C2, 27, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 2 bytes [B8, 58] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 4 000007feff3e49cc 8 bytes [F2, FF, FF, 07, 00, 00, 50, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, EE, 28, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, CC, 45, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, F4, 42, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 78, 47, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 44, 3D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 8A, 43, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 62, 46, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 2C, 27, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 5E, 42, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, A0, 44, F2, FF, FF, 07] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, C8, 41, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 70, 3E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, BE, 4C, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, 28, 4C, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, 16, 4F, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 3A, 49, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, A4, 48, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, FC, 4A, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, D0, 49, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, 80, 4E, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, EA, 4D, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fef67e22d0 12 bytes [48, B8, D8, 50, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fef67e45f0 12 bytes [48, B8, 42, 50, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fef67f3e68 12 bytes [48, B8, 6E, 51, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc5e56e0 12 bytes [48, B8, C6, 53, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc5f010c 12 bytes [48, B8, 30, 53, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3400] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc60daa0 12 bytes [48, B8, 9A, 52, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, C2, 27, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 2 bytes [B8, 58] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 4 000007feff3e49cc 8 bytes [F2, FF, FF, 07, 00, 00, 50, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, EE, 28, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, CC, 45, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, F4, 42, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 78, 47, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 44, 3D, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 8A, 43, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 62, 46, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 2C, 27, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 5E, 42, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, A0, 44, F2, FF, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, C8, 41, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 70, 3E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[3452] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 2C, 27, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, C2, 27, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 58, 28, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 18, 3C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 5E, 42, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 96, 26, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 74, 43, F2, FF, FF, 07] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 44, 3D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe[3476] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, DA, 3E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 6A, 25, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, D6, 39, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 6C, 3A, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 02, 3B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 18, 3C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 5E, 42, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 96, 26, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 74, 43, F2, FF, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 44, 3D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3636] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, DA, 3E, F2, FF, FF, ...] 
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\NVIDIA 
Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 
bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a 
.text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\NVIDIA 
Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000006ca2b9fb .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000006ca2ba65 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] 
C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 
5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\NVIDIA 
Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] 
C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] 
C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 
000000007ef20da4 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20bea .text C:\Program Files 
(x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e61401 2 bytes JMP 7633b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e61419 2 bytes JMP 7633b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e61431 2 bytes JMP 763b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e6144a 2 bytes CALL 76314885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e614dd 2 bytes JMP 763b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e614f5 2 bytes JMP 763b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e6150d 2 bytes JMP 763b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e61525 2 bytes JMP 763b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e6153d 2 bytes JMP 7632fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e61555 2 bytes JMP 76336907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e6156d 2 bytes JMP 763b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e61585 2 bytes JMP 763b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e6159d 2 bytes JMP 763b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e615b5 2 bytes JMP 7632fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e615cd 2 bytes JMP 7633b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e616b2 2 bytes JMP 763b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e616bd 2 bytes JMP 763b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef2137c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\NVIDIA 
Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef213e2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef212f4 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3716] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef21316 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, CA, 30, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, F2, 2D, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 76, 32, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 42, 28, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 88, 2E, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 34, 30, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 60, 31, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 30, 2C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 6A, 25, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 5C, 2D, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 9E, 2F, F2, FF, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, C6, 2C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 6E, 29, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 04, 2B, F2, FF, FF, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, B6, 45, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, E2, 46, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, BE, 4C, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, 28, 4C, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, 16, 4F, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 3A, 49, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, A4, 48, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, FC, 4A, F2, FF, FF, 07, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, D0, 49, F2, FF, FF, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, 80, 4E, F2, FF, FF, 07, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3840] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, EA, 4D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 6A, 25, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 2C, 27, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, C2, 27, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 58, 28, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 18, 3C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 5E, 42, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 74, 43, F2, FF, FF, 07] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 44, 3D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, DA, 3E, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, FC, 4A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, E2, 46, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, 3A, 49, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[3568] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, A4, 48, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 42, 28, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, D8, 29, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, E0, 31, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 76, 32, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[1620] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 0C, 33, F2, FF, FF, 07, ...] .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 00000000774df900 5 bytes JMP 000000007ef20942 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000774df938 5 bytes JMP 000000007ef20a74 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20722 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208dc .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 5 bytes JMP 000000007ef20678 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef20a0e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef20414 .text C:\MSI\Smart 
Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20656 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a52 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203d0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20458 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20898 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20832 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20436 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2038c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20348 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208fe .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef2014a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 
bytes [A4, 07] .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201d2 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 5 bytes JMP 000000007ef208ba .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef2036a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20326 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20744 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209ec .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef20612 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203f2 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20766 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2049c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef2047a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a96 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200e4 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] 
C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef20a30 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2018e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20634 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2016c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef20106 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202e2 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef2025a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef203ae .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef20810 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207cc .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2027c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef20700 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef207aa .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 
000000007633cd11 5 bytes JMP 000000007ef207ee .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef202c0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef2058a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef205ac .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ce .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205f0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200c2 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20568 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef20502 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201f4 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20128 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20788 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20546 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20524 .text C:\MSI\Smart 
Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef200a0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20238 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef206bc .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef2069a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206de .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2007e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef204be .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef201b0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef20920 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef20216 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204e0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef20304 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20854 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 
000000007708a11c 5 bytes JMP 000000007ef20876 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20986 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef209a8 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20964 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2029e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef209ca .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cfa .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20cb6 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d60 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20dc6 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b62 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cd8 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20da4 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d3e .text C:\MSI\Smart 
Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d82 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b40 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c50 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c94 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20bc8 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20bea .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d1c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c0c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c2e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b84 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20ba6 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c72 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\msvcrt.dll!_lock + 41 
000000007652a472 5 bytes JMP 000000007ef20ada .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20de8 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef211e4 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef21206 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef21228 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2113a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20eb4 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e92 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef2117e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f5e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210d4 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20e0a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] 
C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef21118 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f80 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e70 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef21090 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210b2 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20ef8 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fa2 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef2106e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f3c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef210f6 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ed6 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2115c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f1a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e4e .text C:\MSI\Smart 
Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211c2 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2104c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e2c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef20fe6 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fc4 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef21008 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2102a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211a0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef2135a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef21338 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef2137c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef2128e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef212d2 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef213c0 
.text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef212b0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef2126c .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef213e2 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef212f4 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef2139e .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef21316 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21426 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\urlmon.dll!CreateUri + 128 0000000076d92b80 5 bytes JMP 000000007ef21448 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToCacheFileW 0000000076db95a0 5 bytes JMP 000000007ef214ae .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToFileW 0000000076dc31d0 5 bytes JMP 000000007ef2146a .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4052] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToFileA 0000000076e4cd50 5 bytes JMP 000000007ef2148c .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, D4, 24, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, AA, 38, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 40, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, D6, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 32, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, B6, 45, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 82, 3B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 74, 43, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 70, 3F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 6C, 3A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, DE, 42, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, AE, 3C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 44, 3E, F2, FF, FF, ...] .text C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe[3056] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 000000007715bab1 11 bytes [B8, F0, 12, 2B, 01, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] 
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] 
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] 
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] 
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] 
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNEL32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] 
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] 
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 08, 2F, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 30, 2C, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, B4, 30, F2, FF, FF, 07, ...] 
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 80, 26, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, C6, 2C, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 72, 2E, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 9E, 2F, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 6E, 2A, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 6A, 25, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 9A, 2B, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, DC, 2D, F2, FF, FF, 07] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 04, 2B, F2, FF, FF, ...] 
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, AC, 27, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 42, 29, F2, FF, FF, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 4A, 31, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 20, 45, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, B6, 45, F2, FF, FF, 07, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4396] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, D4, 24, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 40, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, D6, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 6C, 3A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 32, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, B6, 45, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 82, 3B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 74, 43, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 70, 3F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, DE, 42, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, AE, 3C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 44, 3E, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, FC, 4A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, E2, 46, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, 3A, 49, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, A4, 48, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, 0E, 48, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, BE, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5504] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, 28, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 72, 2E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 9A, 2B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 1E, 30, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, EA, 25, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 30, 2C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, DC, 2D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 08, 2F, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, D8, 29, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 2 bytes [B8, D4] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 52 000007fefeb94294 8 bytes [F2, FF, FF, 07, 00, 00, 50, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 04, 2B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 46, 2D, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 6E, 2A, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 16, 27, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, AC, 28, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, B4, 30, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 8A, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 20, 45, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, B6, 45, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, FC, 4A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, E2, 46, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, 3A, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, A4, 48, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, 0E, 48, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, BE, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[5600] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, 28, 4C, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 6A, 25, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 6C, 3A, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 02, 3B, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 98, 3B, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 36, 45, F2, FF, FF, 07, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 5E, 42, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, E2, 46, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, AE, 3C, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, F4, 42, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, CC, 45, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 96, 26, F2, FF, FF, 07, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, C8, 41, F2, FF, FF, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 0A, 44, F2, FF, FF, 07] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 32, 41, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, DA, 3D, F2, FF, FF, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5992] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 70, 3F, F2, FF, FF, ...] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files\Intel\Intel(R) Smart 
Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 
000000007ef20326 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 
bytes JMP 000000007ef205f0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology 
Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 
000000007ef2029e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] 
C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program 
Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!GetWindowLongW 
0000000076ef6ffe 5 bytes JMP 000000007ef2115c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ed6 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20eb4 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211a0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f80 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210f6 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a52 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2113a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fa2 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e92 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210b2 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] 
C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210d4 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f1a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fc4 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef21090 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f5e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef21118 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ef8 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2117e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f3c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e70 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211e4 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology 
Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2106e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e4e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef21008 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fe6 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2102a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2104c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211c2 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20a74 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20b40 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20b62 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 
000000007ef20b84 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a96 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20d60 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20d1c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20dc6 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20e2c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20d3e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20e0a .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] 
C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20da4 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20de8 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20ba6 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20cb6 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20cfa .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20c2e .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c50 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d82 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c72 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c94 .text C:\Program 
Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20bea .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20c0c .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20cd8 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe[5512] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21206 .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 34, 30, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 5C, 2D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, E0, 31, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, AC, 27, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, F2, 2D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 9E, 2F, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, CA, 30, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 9A, 2B, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 2 bytes [B8, D4] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 52 000007fefeb94294 8 bytes [F2, FF, FF, 07, 00, 00, 50, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, C6, 2C, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 08, 2F, F2, FF, FF, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 30, 2C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, D8, 28, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 6E, 2A, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 76, 32, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 0C, 33, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, A2, 33, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, FC, 4A, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, E2, 46, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, 3A, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, A4, 48, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, 0E, 48, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, BE, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6388] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, 28, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 34, 30, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 5C, 2D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, E0, 31, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, AC, 27, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, F2, 2D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 9E, 2F, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, CA, 30, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 9A, 2B, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 2 bytes [B8, D4] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 52 000007fefeb94294 8 bytes [F2, FF, FF, 07, 00, 00, 50, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, C6, 2C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 08, 2F, F2, FF, FF, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 30, 2C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, D8, 28, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 6E, 2A, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 00, 26, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 76, 32, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 0C, 33, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, A2, 33, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, FC, 4A, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, E2, 46, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, 3A, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, A4, 48, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, 0E, 48, F2, FF, FF, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, BE, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6396] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, 28, 4C, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] 
C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text 
C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] 
C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] 
C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] 
C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 
000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211c2 .text C:\Program Files 
(x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] 
C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 
0000000076f56df5 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20bea .text C:\Program Files 
(x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] 
C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21228 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 0000000076d92b80 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 0000000076db95a0 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076dc31d0 5 bytes JMP 000000007ef2124a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076e4cd50 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef213e2 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes 
JMP 000000007ef212f4 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef21426 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef21316 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef21448 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef21404 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[6536] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef2137c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 00000000774df900 5 bytes JMP 000000007ef20942 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000774df938 5 bytes JMP 000000007ef20a74 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20722 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208dc .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 5 bytes JMP 000000007ef20678 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] 
C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef20a0e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef20414 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20656 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a52 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203d0 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20458 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20898 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20832 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20436 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2038c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20348 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208fe .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 
000000007ef2014a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201d2 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 5 bytes JMP 000000007ef208ba .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef2036a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20326 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20744 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209ec .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef20612 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203f2 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20766 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2049c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef2047a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a96 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200e4 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] 
C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef20a30 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2018e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20634 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2016c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef20106 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202e2 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef2025a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef203ae .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef20810 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207cc .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2027c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef20700 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef207aa .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207ee .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!WinExec 
0000000076393231 5 bytes JMP 000000007ef202c0 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef2058a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef205ac .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ce .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205f0 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200c2 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20568 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef20502 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201f4 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20128 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20788 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20546 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20524 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef200a0 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20238 .text 
C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef206bc .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef2069a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206de .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2007e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef204be .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef201b0 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef20920 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef20216 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204e0 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef20304 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20854 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20876 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20986 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef209a8 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] 
C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20964 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2029e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef209ca .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cfa .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20cb6 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d60 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20dc6 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b62 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cd8 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20da4 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d3e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d82 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b40 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c50 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 
0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c94 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20bc8 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20bea .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d1c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c0c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c2e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b84 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20ba6 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c72 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20ada .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20de8 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef211e4 .text C:\MSI\MSI SUITE\MSI 
SUITE.exe[6684] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef21206 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef21228 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2113a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20eb4 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e92 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef2117e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f5e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210d4 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20e0a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef21118 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f80 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e70 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef21090 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210b2 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20ef8 
.text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fa2 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef2106e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f3c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef210f6 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ed6 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2115c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f1a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e4e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211c2 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2104c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e2c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef20fe6 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fc4 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef21008 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] 
C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2102a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211a0 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef2135a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef21338 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef2137c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef2128e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef212d2 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef213c0 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef212b0 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef2126c .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef213e2 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef212f4 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef2139e .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef21316 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21426 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e61401 2 bytes JMP 7633b233 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e61419 2 bytes JMP 7633b35e C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e61431 2 bytes JMP 763b9149 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e6144a 2 bytes CALL 76314885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e614dd 2 bytes JMP 763b8a42 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e614f5 2 bytes JMP 763b8c18 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e6150d 2 bytes JMP 763b8938 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e61525 2 bytes JMP 763b8d02 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e6153d 2 bytes JMP 7632fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e61555 2 bytes JMP 76336907 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e6156d 2 bytes JMP 763b9201 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e61585 2 bytes JMP 763b8d62 
C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e6159d 2 bytes JMP 763b88fc C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e615b5 2 bytes JMP 7632fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e615cd 2 bytes JMP 7633b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e616b2 2 bytes JMP 763b90c4 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e616bd 2 bytes JMP 763b8891 C:\Windows\syswow64\KERNEL32.dll .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\urlmon.dll!CreateUri + 128 0000000076d92b80 5 bytes JMP 000000007ef21514 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToCacheFileW 0000000076db95a0 5 bytes JMP 000000007ef2157a .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToFileW 0000000076dc31d0 5 bytes JMP 000000007ef21536 .text C:\MSI\MSI SUITE\MSI SUITE.exe[6684] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToFileA 0000000076e4cd50 5 bytes JMP 000000007ef21558 .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] 
.text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] 
.text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] 
.text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] 
.text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[6764] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files 
(x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\MSI\Super 
Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] 
C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\MSI\Super 
Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\MSI\Super 
Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files 
(x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\MSI\Super 
Charger\Super Charger.exe[6904] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] 
C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] 
C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] 
C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] 
C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] 
C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef21316 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef2124a .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef2137c .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[6904] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef212f4 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, D4, 24, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, AA, 38, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 40, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, D6, 39, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 0A, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 32, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, B6, 45, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 82, 3B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, C8, 41, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 74, 43, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, A0, 44, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 70, 3F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 6C, 3A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 9C, 40, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, DE, 42, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 06, 40, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, AE, 3C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 44, 3E, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, FC, 4A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, 66, 4A, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, E2, 46, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, 3A, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, A4, 48, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, 0E, 48, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, BE, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, 28, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fef67e22d0 12 bytes [48, B8, 16, 4F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fef67e45f0 12 bytes [48, B8, 80, 4E, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[4120] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fef67f3e68 12 bytes [48, B8, AC, 4F, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, 84, 29, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, EE, 28, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, 58, 28, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, DC, 2B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 00, 26, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, 6A, 25, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, C2, 27, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, 2C, 27, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, 96, 26, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 1A, 2A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, 46, 2B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, B0, 2A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 08, 2D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 9E, 2D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, 34, 2E, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, CA, 2E, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, A8, 4B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, D0, 48, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 20, 43, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 66, 49, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 12, 4B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 3E, 4C, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 0E, 47, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 0A, 42, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 3 bytes [48, B8, 3A] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CreateServiceW + 4 000007fefeb949b4 8 bytes [F2, FF, FF, 07, 00, 00, 50, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 7C, 4A, F2, FF, FF, 07] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, A4, 47, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 4C, 44, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[2500] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, E2, 45, F2, FF, FF, ...] 
.text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000774df938 5 bytes JMP 000000007ef20a0e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef20898 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209a8 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef209ec .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 
000000007ef20854 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208ba .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20876 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef20986 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text 
C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ca .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] 
C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 
.text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 
0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208dc .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20810 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20832 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20920 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20942 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef208fe .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20964 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cfa .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20cb6 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] 
C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d60 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20dc6 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b62 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cd8 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20da4 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d3e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d82 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b40 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c50 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a52 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c94 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20bc8 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20bea .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d1c .text 
C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c0c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c2e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b84 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20ba6 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c72 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a74 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef2115c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20ed6 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20eb4 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef211a0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f80 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef210f6 .text 
C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20a96 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef2113a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20fa2 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e92 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef210b2 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef210d4 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20f1a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20fc4 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef21090 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20f5e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef21118 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20ef8 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2117e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20f3c .text 
C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e70 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef211e4 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2106e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20e4e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef21008 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20fe6 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef2102a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef2104c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef211c2 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20ab8 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20de8 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20e0a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef20e2c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!closesocket 
0000000076633918 5 bytes JMP 000000007ef212f4 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef212d2 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef21316 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef21228 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef2126c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef2135a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef2124a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef21206 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef2137c .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef2128e .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef21338 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef212b0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7176] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21522 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, C4, 16, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, A2, 0B, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, CE, 0C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 86, 18, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, B2, 19, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, F0, 17, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 64, 0D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, FA, 0D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 1C, 19, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, BC, 0F, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 52, 10, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, 26, 0F, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 14, 12, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 12, 25, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 3A, 22, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, BE, 26, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 8A, 1C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, D0, 22, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 7C, 24, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, A8, 25, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 78, 20, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, A4, 21, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, E6, 23, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 0E, 21, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, B6, 1D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 4C, 1F, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 34, 31, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, CA, 31, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 60, 32, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 00000000771eb474 9 bytes [48, B8, C6, 2D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SetWindowLongPtrA + 10 00000000771eb47e 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!FindWindowW + 1 00000000771ed1c1 7 bytes [B8, 42, 2A, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!FindWindowW + 9 00000000771ed1c9 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00000000771edbc1 7 bytes [B8, 9E, 30, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 9 00000000771edbc9 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00000000771ef805 7 bytes [B8, EA, 27, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00000000771ef80d 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] 
C:\Windows\system32\USER32.dll!SetWindowLongW 00000000771f3340 5 bytes [48, B8, 72, 2F, F2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SetWindowLongW + 7 00000000771f3347 5 bytes [07, 00, 00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!GetWindowLongPtrA 00000000771f3758 12 bytes [48, B8, 6E, 2B, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SetWinEventHook 00000000771f4ccc 12 bytes [48, B8, 80, 28, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!GetWindowLongA 00000000771f53a0 12 bytes [48, B8, 9A, 2C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771f76ac 5 bytes [48, B8, 5C, 2E, F2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 7 00000000771f76b3 5 bytes [07, 00, 00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!GetWindowLongW 00000000771f7f20 12 bytes [48, B8, 30, 2D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!GetWindowLongPtrW 00000000771f96a8 12 bytes [48, B8, 04, 2C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00000000771fa2a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00000000772028d5 8 bytes [B8, 08, 30, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 10 00000000772028de 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!FindWindowA + 1 0000000077208231 7 bytes [B8, 16, 29, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!FindWindowA + 9 0000000077208239 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 0000000077208bd1 8 bytes [B8, 54, 27, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 0000000077208bda 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!FindWindowExW + 1 0000000077208cd9 7 bytes [B8, D8, 2A, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!FindWindowExW + 9 0000000077208ce1 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000000007725db61 7 bytes [B8, AC, 29, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7768] C:\Windows\system32\USER32.dll!FindWindowExA + 9 000000007725db69 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, C4, 16, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, A2, 0B, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, CE, 0C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 86, 18, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, B2, 19, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, F0, 17, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 64, 0D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, FA, 0D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 1C, 19, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, BC, 0F, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 52, 10, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, 26, 0F, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 14, 12, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 12, 25, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 3A, 22, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, BE, 26, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 8A, 1C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, D0, 22, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 7C, 24, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, A8, 25, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 78, 20, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, A4, 21, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, E6, 23, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 0E, 21, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, B6, 1D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 4C, 1F, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 34, 31, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, CA, 31, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7776] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 60, 32, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, C4, 16, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, A2, 0B, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, CE, 0C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 86, 18, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, B2, 19, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, F0, 17, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 64, 0D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, FA, 0D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 1C, 19, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, BC, 0F, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 52, 10, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, 26, 0F, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 14, 12, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 12, 25, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 3A, 22, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, BE, 26, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 8A, 1C, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, D0, 22, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 7C, 24, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, A8, 25, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 78, 20, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, A4, 21, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, E6, 23, F2, FF, FF, 07] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 0E, 21, F2, FF, FF, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, B6, 1D, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 4C, 1F, F2, FF, FF, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 34, 31, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, CA, 31, F2, FF, FF, 07, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 60, 32, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] 
C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, 
FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 
60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, E6, 21, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007732c140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, D4, 24, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, F8, 1E, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, CA, 30, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, F2, 2D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, 76, 32, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, 42, 28, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, 88, 2E, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 34, 30, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, 60, 31, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 30, 2C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 11 bytes [B8, 6A, 25, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, 5C, 2D, F2, FF, FF, ...] 
.text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 9E, 2F, F2, FF, FF, 07] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, C6, 2C, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, 6E, 29, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 04, 2B, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 96, 26, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 0C, 33, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, A2, 33, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 38, 34, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefea813b1 11 bytes [B8, 92, 4B, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!closesocket 000007fefea818e0 12 bytes [48, B8, FC, 4A, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefea81bd1 11 bytes [B8, 66, 4A, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefea82201 11 bytes [B8, EA, 4D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefea823c0 12 bytes [48, B8, 0E, 48, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!connect 000007fefea842f0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!send + 1 000007fefea87cd1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefea88ac0 8 bytes [48, B8, 3A, 49, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefea88ac9 3 bytes [00, 50, C3] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefea8be40 12 bytes [48, B8, A4, 48, F2, FF, FF, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefea8d911 11 bytes [B8, 28, 4C, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefea8d9c1 11 bytes [B8, 54, 4D, F2, FF, FF, 07, ...] .text C:\Windows\system32\wbem\WmiApSrv.exe[7392] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefeaae081 11 bytes [B8, BE, 4C, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] 
C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, 
FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 
60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes 
[48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes 
[48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes 
[48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 
3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\HD Tune 
Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text 
C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\HD 
Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes 
JMP 000000007ef2038c .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] 
C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files 
(x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 
.text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 
000000007ef20b40 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] 
C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\HD Tune Pro\HDTunePro.exe[5220] 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes 
JMP 000000007ef200c2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] 
C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 
0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] 
C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] 
C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] 
C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20da4 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 
000000007ef2137c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef21316 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 
5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef212f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef2124a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] 
C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef21228 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20ada .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4408] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21448 .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000773076b1 11 bytes [B8, E6, 21, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077315121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007731512a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007732be20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007732beb0 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007732bef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007732bf40 12 bytes [48, B8, 50, 21, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007732bff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007732c0a0 12 bytes [48, B8, 12, 23, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007732c0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007732c0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007732c130 12 bytes [48, B8, 74, 1B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007732c180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007732c200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007732c210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007732c230 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007732c330 12 bytes [48, B8, 3E, 24, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007732c700 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007732c750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007732c7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007732cb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007732d060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007732d260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007732d420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007732d500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007732d510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007732d520 12 bytes [48, B8, A8, 23, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007739e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770c1b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770c1c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000770c2b61 8 bytes [B8, 86, 18, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000770c2b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000770ddd20 12 bytes [48, B8, 9A, 04, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000770e08c1 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000771154f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077115511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007712a830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007712a940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007714f6e1 11 bytes [B8, B2, 19, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007714f8e1 11 bytes [B8, 1C, 19, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007714f911 8 bytes [B8, F0, 17, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007714f91a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd253371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd256401 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd256620 12 bytes [48, B8, 62, 1E, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd257901 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] 
.text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd25875a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd25a5c1 11 bytes [B8, 24, 20, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd25aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd25acb0 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd25ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd261c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd263291 11 bytes [B8, 48, 1A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd2635a1 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd269ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2838a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd28ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] 
.text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd2922c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd2922ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefeb7ac21 11 bytes [B8, 34, 30, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefeb7ac7d 11 bytes [B8, 5C, 2D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefeb7e415 11 bytes [B8, E0, 31, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefeb7e514 12 bytes [48, B8, AC, 27, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefeb801bd 11 bytes [B8, F2, 2D, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefeb80291 11 bytes [B8, 9E, 2F, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefeb802bd 11 bytes [B8, CA, 30, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefeb8a830 12 bytes [48, B8, 9A, 2B, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefeb94291 2 bytes [B8, D4] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 52 000007fefeb94294 8 bytes [F2, FF, FF, 07, 00, 00, 50, ...] 
.text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefeb949b0 12 bytes [48, B8, C6, 2C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefebaa409 7 bytes [B8, 08, 2F, F2, FF, FF, 07] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefebaa412 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefebaa490 12 bytes [48, B8, 30, 2C, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefebaa5e8 36 bytes [48, B8, D8, 28, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefebaa66c 12 bytes [48, B8, 6E, 2A, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 353 000007feff3caf11 11 bytes [B8, 6A, 25, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007feff3e49a9 11 bytes [B8, 20, 45, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007feff3e49c9 11 bytes [B8, B6, 45, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff3f9271 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefec71ce0 12 bytes [48, B8, A4, 48, F2, FF, FF, ...] .text C:\Windows\System32\svchost.exe[5704] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefec728b1 11 bytes [B8, 0E, 48, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20656 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20326 .text C:\Program Files 
(x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] 
C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 
000000007633cd11 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20788 .text C:\Program Files 
(x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077081e4c 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] 
C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 
000000007ef20c72 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\Intel\Extreme Tuning 
Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076c633d4 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20ada .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 1 byte JMP 000000007ef20ab8 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\msvcrt.dll!__p__environ + 2 000000007653e6d1 3 
bytes {JMP 0x89e23e9} .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] 
C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef21118 .text C:\Program Files 
(x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076f21080 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000075370179 5 bytes JMP 000000007ef21228 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] 
C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076633918 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076633cd3 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!socket 0000000076633eb8 5 bytes JMP 000000007ef2137c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076634406 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076634889 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!recv 0000000076636826 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!connect 00000000766368f5 5 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!send 0000000076636c19 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076636da1 5 bytes JMP 000000007ef213e2 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007663a6db 5 bytes JMP 000000007ef212f4 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007663bcd5 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[6436] C:\Windows\syswow64\WS2_32.dll!gethostbyname 000000007664771b 5 bytes JMP 000000007ef21316 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller 
Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000774df9f0 5 bytes JMP 000000007ef20700 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000774dfad0 5 bytes JMP 000000007ef208ba .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000774dfb38 1 byte JMP 000000007ef20656 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 2 00000000774dfb3a 3 bytes {JMP 0x7a40b1e} .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000774dfbb8 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000774dfc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000774dfc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000774dfc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000774dfcc0 5 bytes JMP 000000007ef20634 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000774dfdd8 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] 
C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000774dfe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000774dfe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000774dfeb8 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000774dfed0 5 bytes JMP 000000007ef20810 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000774dff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000774dfffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000774e0014 5 bytes JMP 000000007ef20326 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000774e0048 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774e00c4 2 bytes JMP 000000007ef20128 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 00000000774e00c7 2 bytes [A4, 07] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774e01d4 5 bytes JMP 
000000007ef201b0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774e07ac 2 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 3 00000000774e07af 2 bytes [A4, 07] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000774e0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774e08b4 5 bytes JMP 000000007ef20304 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000774e0e04 5 bytes JMP 000000007ef20722 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000774e10d0 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000774e1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000774e1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000774e1bf4 5 bytes JMP 000000007ef20744 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000774e1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock 
Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000774e1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000774e1d9c 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000774f2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000774f8ee1 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 000000007752005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077568757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007756e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076310e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076311072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076314977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] 
C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076323bbb 5 bytes JMP 000000007ef2038c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076329abc 5 bytes JMP 000000007ef207ee .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076329b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007633733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000763388f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007633ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007633cd11 5 bytes JMP 000000007ef207cc .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076393231 5 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000763b773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000763b775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] 
C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000763b7b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000763b7b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077078fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007707c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007707edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007707f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007707fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007707fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007708147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000770814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 
0000000077081e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077081f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077082e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077082e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077082fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 000000007708396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077083cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000077083fdf 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000770845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007708476f 5 bytes JMP 000000007ef204be .text C:\Program 
Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077084798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000077089dcf 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 000000007708a11c 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007708a37a 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007708a589 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007708a663 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007708c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007708e414 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007652a472 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000765327ce 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller 
Service\ICCProxy.exe[7368] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007653e6cf 5 bytes JMP 000000007ef20ada .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076c28e69 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076c29159 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076c29166 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076c2c4b2 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076c2c9cc 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076c2de94 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076c2deb6 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076c2dece 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076c2defe 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] 
C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076c32b38 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076c335e4 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076c34939 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076c470a4 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076c470bc 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076c470d4 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076c4771b 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076c633a4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076c633b4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076c633c4 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 
0000000076c633d4 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076c63414 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076d1633b 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076d385fd 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076d3861c 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076d4421d 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000076ef6ffe 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076ef78e2 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076ef7bd3 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076ef8332 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ef8a29 5 bytes JMP 000000007ef20ef8 .text C:\Program Files 
(x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076ef98fd 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076efb6fa 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000076efd166 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076efd23e 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076efee21 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076effffe 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076f000f1 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076f005d2 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076f00e13 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076f01f14 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] 
C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076f0392d 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076f0398a 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076f07044 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076f071e0 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076f07355 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076f081f5 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076f0825a 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076f086de 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076f08f4c 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076f1d954 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 
0000000076f21080 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f4fd66 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f4fd8a 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[7368] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f56df5 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007732be00 7 bytes [48, B8, 60, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007732be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007732bf70 7 bytes [48, B8, E0, F9, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007732bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007732bf90 7 bytes [48, B8, D0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007732bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007732bfa0 7 bytes [48, B8, C0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007732bfa8 6 bytes 
{ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007732bfb0 7 bytes [48, B8, 40, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007732bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007732bfd0 7 bytes [48, B8, B0, F8, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007732bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007732c020 7 bytes [48, B8, 50, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007732c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007732c030 7 bytes [48, B8, 20, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007732c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007732c060 7 bytes [48, B8, 40, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007732c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007732c100 7 bytes [48, B8, 80, FB, BA, 3F, 01] .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007732c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007732c280 7 bytes [48, B8, C0, FA, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007732c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007732ccf0 7 bytes [48, B8, 00, FE, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007732ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007732cd40 7 bytes [48, B8, A0, FD, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007732cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007732ce90 7 bytes [48, B8, A0, FB, BA, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007732ce98 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files 
(x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8052] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] @ 
C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7692] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[7728] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8076] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files
(x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2720] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6792] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @
C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7640] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe[4388] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4388] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7feddee6490] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7feddee5ca0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7feddee6470] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7feddee66e0] C:\Program Files
(x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5048] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedd022730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll

---- Processes - GMER 2.2 ----

Library C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\Antivirus_48171_066\bdcore.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [168] 000007fefa9d0000

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\ControlSet002\Control@PreshutdownOrder wuauserv?gpsvc?trustedinstaller?
Reg HKLM\SYSTEM\ControlSet002\Control@WaitToKillServiceTimeout 12000
Reg HKLM\SYSTEM\ControlSet002\Control@CurrentUser USERNAME
Reg HKLM\SYSTEM\ControlSet002\Control@BootDriverFlags 0
Reg HKLM\SYSTEM\ControlSet002\Control@ServiceControlManagerExtension %systemroot%\system32\scext.dll
Reg HKLM\SYSTEM\ControlSet002\Control@SystemStartOptions NOEXECUTE=OPTIN
Reg HKLM\SYSTEM\ControlSet002\Control@SystemBootDevice multi(0)disk(0)rdisk(0)partition(2)
Reg HKLM\SYSTEM\ControlSet002\Control@FirmwareBootDevice multi(0)disk(0)rdisk(0)partition(1)

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- EOF - GMER 2.2 ----