GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-14 20:50:50 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d TOSHIBA_MQ01ABD075 rev.AX0A4M 698.64GB Running: vfud6snb.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\fxddapog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[976] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 00007ffb2fcad48d 5 bytes [B8, 30, 08, E0, 01] .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[976] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 00007ffb2fcad493 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[976] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb3062169a 4 bytes [62, 30, FB, 7F] .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[976] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb306216a2 4 bytes [62, 30, FB, 7F] .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[976] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb3062181a 4 bytes [62, 30, FB, 7F] .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[976] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb30621832 4 bytes [62, 30, FB, 7F] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!closesocket 00007ffb2e761ac0 12 bytes [48, B8, 89, 98, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!WSASocketW 00007ffb2e762190 12 bytes [48, B8, C9, 96, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!socket + 1 00007ffb2e7624a1 11 bytes [B8, 89, C9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 00007ffb2e762bb0 12 bytes [48, B8, 09, 80, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 00007ffb2e768a90 12 bytes [48, B8, C9, 81, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!WSASend + 1 00007ffb2e76f381 11 bytes [B8, 49, 9A, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!recv + 1 00007ffb2e76f561 11 bytes [B8, C9, CE, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!WSARecv + 1 00007ffb2e76ffd1 11 bytes [B8, 89, D0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!connect 00007ffb2e7707f0 12 bytes [48, B8, 49, 62, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!send + 1 00007ffb2e770f61 11 bytes [B8, 09, 95, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 00007ffb2e7769b1 11 bytes [B8, 09, CD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 00007ffb2e784749 11 bytes [B8, 89, 83, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\DNSAPI.dll!DnsQueryEx 00007ffb2d0533a0 4 bytes [48, B8, 89, BB] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\DNSAPI.dll!DnsQueryEx + 5 00007ffb2d0533a5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 00007ffb2d072ff0 12 bytes [48, B8, C9, B9, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 00007ffb2d081b74 12 bytes [48, B8, 09, B8, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 00007ffb2d0afcec 12 bytes [48, B8, 49, B6, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 89, EC, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\dashost.exe[1808] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 09, E9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Windows\system32\taskhostex.exe[1980] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, 6B, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, 89, 60, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, C9, 65, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 49, 62, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, 89, 67, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, 89, 52, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 49, 54, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 49, 70, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, C9, 73, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 09, 72] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 09, 80, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, C9, 81, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 49, 4D, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, 09, 41, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 89, 44, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 49, 46, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 89, 4B, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 49, 3F, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, 09, 48, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, C9, 42, 18, 5D, 00, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\WS2_32.dll!connect 00007ffb2e7707f0 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb3062169a 4 bytes [62, 30, FB, 7F] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb306216a2 4 bytes [62, 30, FB, 7F] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb3062181a 4 bytes [62, 30, FB, 7F] .text C:\Windows\Explorer.EXE[2148] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb30621832 4 bytes [62, 30, FB, 7F] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2444] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 00007ffb2fcad48d 5 bytes [B8, 30, 08, 8B, 00] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2444] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 00007ffb2fcad493 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2444] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb3062169a 4 bytes [62, 30, FB, 7F] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2444] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb306216a2 4 bytes [62, 30, FB, 7F] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2444] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb3062181a 4 bytes [62, 30, FB, 7F] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2444] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb30621832 4 bytes [62, 30, FB, 7F] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, C9, EA, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!closesocket 00007ffb2e761ac0 12 bytes [48, B8, 89, 98, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!WSASocketW 00007ffb2e762190 12 bytes [48, B8, C9, 96, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!socket + 1 00007ffb2e7624a1 11 bytes [B8, 89, C9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 00007ffb2e762bb0 12 bytes [48, B8, 09, 80, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 00007ffb2e768a90 12 bytes [48, B8, C9, 81, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!WSASend + 1 00007ffb2e76f381 11 bytes [B8, 49, 9A, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!recv + 1 00007ffb2e76f561 11 bytes [B8, C9, CE, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!WSARecv + 1 00007ffb2e76ffd1 11 bytes [B8, 89, D0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!connect 00007ffb2e7707f0 12 bytes [48, B8, 49, 62, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!send + 1 00007ffb2e770f61 11 bytes [B8, 09, 95, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 00007ffb2e7769b1 11 bytes [B8, 09, CD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 00007ffb2e784749 11 bytes [B8, 89, 83, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 49, EE, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\DNSAPI.dll!DnsQueryEx 00007ffb2d0533a0 4 bytes [48, B8, 89, BB] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\DNSAPI.dll!DnsQueryEx + 5 00007ffb2d0533a5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 00007ffb2d072ff0 12 bytes [48, B8, C9, B9, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 00007ffb2d081b74 12 bytes [48, B8, 09, B8, 18, 5D, 00, ...] .text C:\Windows\system32\WpcMon.exe[3884] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 00007ffb2d0afcec 12 bytes [48, B8, 49, B6, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 89, EC, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxtray.exe[3832] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, C9, EA, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3312] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 89, EC, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2292] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 89, EC, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3848] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 89, EC, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe[3632] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Program Files\TOSHIBA\Teco\TecoResident.exe[3128] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 09, E9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\System32\msi.dll!MsiQueryProductStateW + 1 00007ffb1c269dd1 11 bytes [B8, 09, 48, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\System32\msi.dll!MsiInstallProductA + 1 00007ffb1c31c471 3 bytes [B8, C9, 42] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\System32\msi.dll!MsiInstallProductA + 5 00007ffb1c31c475 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\System32\msi.dll!MsiInstallProductW + 1 00007ffb1c31c711 11 bytes [B8, 89, 44, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\System32\msi.dll!MsiQueryProductStateA + 1 00007ffb1c3210f1 11 bytes [B8, 49, 46, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\System32\msi.dll!MsiOpenDatabaseA + 1 00007ffb1c33e5f1 11 bytes [B8, 49, 3F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\System32\msi.dll!MsiOpenDatabaseW + 1 00007ffb1c33e731 11 bytes [B8, 09, 41, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\System32\urlmon.dll!URLDownloadToCacheFileW 00007ffb24a05570 12 bytes [48, B8, 89, 60, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\System32\urlmon.dll!URLDownloadToFileW + 1 00007ffb24a33681 11 bytes [B8, C9, 5E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!closesocket 00007ffb2e761ac0 12 bytes [48, B8, 89, 98, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!WSASocketW 00007ffb2e762190 12 bytes [48, B8, C9, 96, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!socket + 1 00007ffb2e7624a1 11 bytes [B8, 89, C9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 00007ffb2e762bb0 12 bytes [48, B8, 09, 80, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 00007ffb2e768a90 12 bytes [48, B8, C9, 81, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!WSASend + 1 00007ffb2e76f381 11 bytes [B8, 49, 9A, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!recv + 1 00007ffb2e76f561 11 bytes [B8, C9, CE, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!WSARecv + 1 00007ffb2e76ffd1 11 bytes [B8, 89, D0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!connect 00007ffb2e7707f0 12 bytes [48, B8, 49, 62, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!send + 1 00007ffb2e770f61 11 bytes [B8, 09, 95, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 00007ffb2e7769b1 11 bytes [B8, 09, CD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 00007ffb2e784749 11 bytes [B8, 89, 83, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\DNSAPI.dll!DnsQueryEx 00007ffb2d0533a0 4 bytes [48, B8, 89, BB] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\DNSAPI.dll!DnsQueryEx + 5 00007ffb2d0533a5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 00007ffb2d072ff0 12 bytes [48, B8, C9, B9, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 00007ffb2d081b74 12 bytes [48, B8, 09, B8, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[3784] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 00007ffb2d0afcec 12 bytes [48, B8, 49, B6, 18, 5D, 00, ...] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[4104] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 00007ffb2fcad48d 5 bytes [B8, 30, 08, A9, 02] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[4104] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 00007ffb2fcad493 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[4104] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb3062169a 4 bytes [62, 30, FB, 7F] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[4104] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb306216a2 4 bytes [62, 30, FB, 7F] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[4104] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb3062181a 4 bytes [62, 30, FB, 7F] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[4104] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb30621832 4 bytes [62, 30, FB, 7F] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 09, E9, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe[4348] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\system32\cmd.exe[5872] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 09, E9, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 89, EC, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\SYSTEM32\notepad.exe[6116] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 09, E9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, C9, EA, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4912] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, C9, D5, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\apphelp.dll!SdbFindNextTagRef + 237 00007ffb2c5b86c9 5 bytes [B8, C9, 7A, 18, 5D] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\apphelp.dll!SdbFindNextTagRef + 243 00007ffb2c5b86cf 5 bytes [00, 00, 00, 50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb22f91f6a 4 bytes [F9, 22, FB, 7F] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb22f91f82 4 bytes [F9, 22, FB, 7F] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffb3062169a 4 bytes [62, 30, FB, 7F] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffb306216a2 4 bytes [62, 30, FB, 7F] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffb3062181a 4 bytes [62, 30, FB, 7F] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffb30621832 4 bytes [62, 30, FB, 7F] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 09, DB, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 49, D9] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 09, E9, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!closesocket 00007ffb2e761ac0 12 bytes [48, B8, 89, 98, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!WSASocketW 00007ffb2e762190 12 bytes [48, B8, C9, 96, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!socket + 1 00007ffb2e7624a1 11 bytes [B8, 49, CB, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 00007ffb2e762bb0 12 bytes [48, B8, 09, 80, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 00007ffb2e768a90 12 bytes [48, B8, C9, 81, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!WSASend + 1 00007ffb2e76f381 11 bytes [B8, 49, 9A, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!recv + 1 00007ffb2e76f561 11 bytes [B8, 89, D0, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!WSARecv + 1 00007ffb2e76ffd1 11 bytes [B8, 49, D2, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!connect 00007ffb2e7707f0 12 bytes [48, B8, 49, 62, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!send + 1 00007ffb2e770f61 11 bytes [B8, 09, 95, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 00007ffb2e7769b1 11 bytes [B8, C9, CE, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 00007ffb2e784749 11 bytes [B8, 89, 83, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 09, F0, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQueryEx 00007ffb2d0533a0 4 bytes [48, B8, 89, BB] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQueryEx + 5 00007ffb2d0533a5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_UTF8 00007ffb2d072ff0 12 bytes [48, B8, C9, B9, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_W 00007ffb2d081b74 12 bytes [48, B8, 09, B8, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_A 00007ffb2d0afcec 12 bytes [48, B8, 49, B6, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffb24a05570 12 bytes [48, B8, 89, 60, 18, 5D, 00, ...] .text C:\Users\werasia\Downloads\FRST64.exe[3208] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW + 1 00007ffb24a33681 11 bytes [B8, C9, 5E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffb2fbea8f0 12 bytes [48, B8, C9, 34, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffb2fbeb0f0 12 bytes [48, B8, 49, AF, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffb2fc82731 11 bytes [B8, 09, D4, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffb2fca6f9d 8 bytes [B8, C9, C0, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffb2fca6fa6 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffb2fca7095 11 bytes [B8, 09, C6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffb2dcf14f0 12 bytes [48, B8, 49, 4D, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffb2dcf54c9 11 bytes [B8, 09, A3, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffb2dcf55b1 11 bytes [B8, 49, A1, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffb2dcf6741 11 bytes [B8, C9, 49, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffb2dcf688c 12 bytes [48, B8, 89, 4B, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffb2dcf8f99 11 bytes [B8, 89, 9F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffb2dcf9e94 12 bytes [48, B8, C9, A4, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffb2dd068c0 12 bytes [48, B8, 89, 28, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffb2dd14ac1 11 bytes [B8, 89, 3D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffb2dd4cb51 8 bytes [B8, 89, C2, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffb2dd4cb5a 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffb2dd522e1 11 bytes [B8, C9, C7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffb2dd69b79 11 bytes [B8, 49, BD, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffb2dd69eb0 12 bytes [48, B8, C9, 3B, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffb2ddbada5 11 bytes [B8, 49, 70, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffb2ddbae11 11 bytes [B8, 09, 72, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffb2ddbb82c 12 bytes [48, B8, C9, 73, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffb2ddbba54 12 bytes [48, B8, 89, 75, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffb2ddccddc 12 bytes [48, B8, C9, 1F, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\sechost.dll!CredIsProtectedW + 225 00007ffb2e032501 11 bytes [B8, 49, E7, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffb2e034fcd 11 bytes [B8, 09, 5D, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffb2e0354e0 12 bytes [48, B8, C9, 50, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffb2e037e31 11 bytes [B8, 49, 54, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffb2e038975 11 bytes [B8, 09, 56, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffb2e03c295 11 bytes [B8, 49, 5B, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffb2e058840 12 bytes [48, B8, 09, 4F, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffb2e059905 11 bytes [B8, C9, 57, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffb2e05c721 11 bytes [B8, 89, 59, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffb2e06cbf1 11 bytes [B8, 89, 52, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!ShowWindow 00007ffb2e5d1190 6 bytes [48, B8, C9, 88, 18, 5D] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!ShowWindow + 8 00007ffb2e5d1198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 00007ffb2e5d11f0 6 bytes [48, B8, 89, 7C, 18, 5D] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 00007ffb2e5d11f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!GetMessageW 00007ffb2e5d2030 12 bytes [48, B8, 09, 6B, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 00007ffb2e5d3071 11 bytes [B8, 89, 6E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1 00007ffb2e5d34d1 11 bytes [B8, 49, D9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 00007ffb2e5d3be1 3 bytes [B8, C9, 7A] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 5 00007ffb2e5d3be5 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW + 1 00007ffb2e5d56e1 11 bytes [B8, 49, 93, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!GetMessageA + 1 00007ffb2e5d6401 11 bytes [B8, 49, 69, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!PostMessageA 00007ffb2e5d6970 4 bytes [48, B8, 89, D7] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 5 00007ffb2e5d6975 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffb2e5d7834 7 bytes [48, B8, 49, 85, 18, 5D, 00] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 10 00007ffb2e5d783e 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 1 00007ffb2e5da861 7 bytes [B8, 09, 1E, 18, 5D, 00, 00] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 9 00007ffb2e5da869 3 bytes [00, 50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA 00007ffb2e5dae38 7 bytes [48, B8, 09, 87, 18, 5D, 00] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 10 00007ffb2e5dae42 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!FindWindowExW + 1 00007ffb2e5dceb1 11 bytes [B8, C9, AB, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 00007ffb2e5dd241 7 bytes [B8, 49, A8, 18, 5D, 00, 00] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 9 00007ffb2e5dd249 3 bytes [00, 50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 1 00007ffb2e5dec31 7 bytes [B8, 09, AA, 18, 5D, 00, 00] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 9 00007ffb2e5dec39 3 bytes [00, 50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook 00007ffb2e5e2214 12 bytes [48, B8, 09, 3A, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 00007ffb2e5f0dcd 11 bytes [B8, 89, 8A, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 00007ffb2e5f20e1 11 bytes [B8, C9, 6C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 00007ffb2e5f2831 11 bytes [B8, 09, E9, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 00007ffb2e600799 11 bytes [B8, 49, 8C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 00007ffb2e62d979 8 bytes [B8, 49, 1C, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 00007ffb2e62d982 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 00007ffb2e6536fd 11 bytes [B8, 09, 8E, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 00007ffb2e653721 11 bytes [B8, C9, 8F, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!FindWindowA + 1 00007ffb2e654881 11 bytes [B8, 89, A6, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 00007ffb2e65c725 11 bytes [B8, 89, 91, 18, 5D, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffb2e883415 3 bytes [B8, 49, 7E] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007ffb2e883419 7 bytes [5D, 00, 00, 00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffb2e0ecd04 12 bytes [48, B8, C9, 65, 18, 5D, 00, ...] .text C:\Windows\system32\DllHost.exe[2460] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffb2e0ecd88 12 bytes [48, B8, 89, 67, 18, 5D, 00, ...] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [644:668] fffff9600097cb90 ---- Processes - GMER 2.1 ---- Library \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [976] (FILE NOT FOUND) 00007ffb27bb0000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----