GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-16 06:07:40 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000064 TOSHIBA_ rev.MS1O 465,76GB Running: 13e48xtt.exe; Driver: C:\USERS\JA\APPDATA\LOCAL\TEMP\pxldypoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 5 bytes [48, B8, F0, 12, EF] .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[156] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 00000000772cb851 11 bytes [B8, F0, 12, 2F, 01, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, B9, 06, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, F9, E1, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, B9, E3, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, 39, E0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, 39, FC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 79, FA, B5, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 0A, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, B9, EA, B5, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, F1, B5, 75, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 2 bytes [B8, 79] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 4 0000000077250944 8 bytes [B6, 75, 00, 00, 00, 00, 50, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, EE, B5, 75, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, FF, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, 01, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, 1B, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, CC, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, CE, B5, 75, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, D0, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, EA, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, 14, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, 03, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, 19, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, 12, B6, 75, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, 16, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, 18, B6, 75] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 79, 2B, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, 08, B6, 75, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1628] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 20, B6, 75, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, CB, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 1F, B6, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 
000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, C9, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, FA, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, FC, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 1D, B6, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] 
C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, E1, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 26, B6, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 2 bytes [B8, 79] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 4 0000000077250944 8 bytes [B6, 75, 00, 00, 00, 00, 50, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, EE, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, FF, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, 01, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, 1B, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, CC, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, CE, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, D0, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, EA, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, 14, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, 03, B6, 75, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, 19, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, 12, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, 16, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, 18, B6, 75] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 2D, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, 08, B6, 75, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1656] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, 39, 03, B6, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text 
C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, B9, FF, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, B9, 06, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, F9, E1, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, B9, E3, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, 39, E0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, 39, FC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 79, FA, B5, 75] .text ... 
* 2 .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 0A, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, B9, EA, B5, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, AB, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, A9, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, A8, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, 79, F3, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, 8C, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 79, 67, B5, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, A6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, B9, 8F, B5, 75, 00] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdebc090 12 bytes [48, B8, F9, 8D, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, 79, EC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, F9, EF, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1680] c:\windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc8256e0 12 bytes [48, B8, 39, CB, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] c:\windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc83010c 12 bytes [48, B8, 79, C9, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] c:\windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc84daa0 12 bytes [48, B8, B9, C7, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] c:\windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb3e22e0 12 bytes [48, B8, F9, A2, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] c:\windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb3e45f8 12 bytes [48, B8, 39, A1, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1680] c:\windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb3f3e3c 12 bytes [48, B8, B9, A4, B5, 75, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 03, B6, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 
1C, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, 
B8, B9, 34, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Program 
Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 0A, B6, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, 79, 08, B6, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, E3, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, FF, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, E1, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, E8, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, FA, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, FC, B5, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 11, B6, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, EC, B5, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1856] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 03, B6, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 
bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text 
C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 
000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 0A, B6, 75] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, 79, 08, B6, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, E3, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, FF, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, E1, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, E8, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, FA, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, FC, B5, 75] .text ... * 2 .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 11, B6, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] 
.text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, EC, B5, 75, 00, 00] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\system32\nvvsvc.exe[1924] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] 
.text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 03, B6, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text 
C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text 
C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 0A, B6, 75] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] 
.text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, 79, 08, B6, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, E3, B5, 75, 00, ...] 
.text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, FF, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, E1, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] 
.text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] 
.text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, E8, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, FA, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, FC, B5, 75] .text ... * 2 .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 11, B6, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, EC, B5, 75, 00, 00] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8 000007fefc8256e0 12 bytes [48, B8, 39, CB, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\System32\DNSAPI.dll!DnsQuery_W 000007fefc83010c 12 bytes [48, B8, 79, C9, B5, 75, 00, ...] 
.text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\System32\DNSAPI.dll!DnsQuery_A 000007fefc84daa0 12 bytes [48, B8, B9, C7, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, AB, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, A9, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, A8, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, 8C, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 79, 67, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, A6, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, B9, 8F, B5, 75, 00] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdebc090 12 bytes [48, B8, F9, 8D, B5, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, 39, EE, B5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, 79, F3, B5, 75, 00, 00, ...] 
.text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, 39, 03, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, 
C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text 
C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, B9, FF, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, B9, 06, B6, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, F9, E1, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, B9, E3, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, 39, E0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, 39, FC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 79, FA, B5, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 0A, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, B9, EA, B5, 75, 00, 00] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, AB, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, A9, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, A8, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, 79, F3, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, 8C, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 79, 67, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, A6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, B9, 8F, B5, 75, 00] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdebc090 12 bytes [48, B8, F9, 8D, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, 79, EC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, F9, EF, B5, 75, 00, 00, ...] 
.text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 00000001737867e1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 00000001737861f1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 0000000173787d41 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 0000000173786159 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007764ff0c 5 bytes JMP 0000000173787161 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007764ff70 5 bytes JMP 0000000173783271 .text C:\Program Files (x86)\ASRock 
Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 0000000173782db1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173786879 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 0000000173787ca9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173786911 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 
0000000077651da0 5 bytes JMP 0000000173783439 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077651f34 5 bytes JMP 0000000173787e71 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 0000000173787dd9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 0000000173783011 .text 
C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 00000001737870c9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 0000000173786e69 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075467327 5 bytes JMP 0000000173782729 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173786749 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 0000000173786d39 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786f99 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 00000001737847d1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Program Files (x86)\ASRock 
Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077018f8d 5 bytes JMP 0000000173781a19 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 00000001737871f9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 0000000173781e41 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786c09 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077022ab1 5 bytes JMP 0000000173786321 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173786289 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 00000001737863b9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000077024608 5 bytes JMP 0000000173783569 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 0000000173787329 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 0000000173787291 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes 
JMP 0000000173787c11 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000771478e2 5 bytes JMP 0000000173784441 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077147bd3 5 bytes JMP 00000001737843a9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077148a29 5 bytes JMP 0000000173785909 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771498fd 5 bytes JMP 0000000173786581 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007714b6ed 5 bytes JMP 0000000173788039 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007714d22e 5 bytes JMP 00000001737859a1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007714ee09 5 bytes JMP 00000001737834d1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007714ffe6 5 bytes JMP 0000000173786451 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000771500d9 5 bytes JMP 00000001737864e9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000771505ba 5 bytes JMP 0000000173784571 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077150dfb 5 bytes JMP 0000000173785a39 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] 
C:\Windows\syswow64\USER32.dll!PostMessageW 00000000771512a5 5 bytes JMP 0000000173787fa1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000771520ec 5 bytes JMP 0000000173785dc9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077153baa 5 bytes JMP 0000000173787f09 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077155f74 5 bytes JMP 00000001737844d9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077156285 5 bytes JMP 0000000173784bf9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077157603 5 bytes JMP 0000000173782be9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077157aee 5 bytes JMP 0000000173785d31 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007715835c 5 bytes JMP 0000000173782b51 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007716ce54 5 bytes JMP 0000000173785b69 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007716f52b 5 bytes JMP 0000000173784c91 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007716f588 5 bytes JMP 0000000173786619 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000771710a0 5 bytes JMP 
0000000173785ad1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007719fcd6 5 bytes JMP 0000000173785c01 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007719fcfa 5 bytes JMP 0000000173785c99 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 00000001737880d1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076718e89 5 bytes JMP 00000001737874f1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076719179 5 bytes JMP 00000001737873c1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 00000001737879b1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007671c4d2 5 bytes JMP 0000000173787b79 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 0000000173787459 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] 
C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 0000000173787ae1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 0000000173787919 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 0000000173787a49 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 5 bytes JMP 0000000173788169 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 0000000173787589 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000767533cc 5 
bytes JMP 0000000173784019 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, 39, 03, B6, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text 
C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text 
C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, B9, FF, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Windows\System32\svchost.exe[2172] 
C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] 
.text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, B9, 06, B6, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] 
.text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, F9, E1, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, B9, E3, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, 39, E0, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] 
.text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, 39, FC, B5, 75, 00, 00, ...] 
.text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 79, FA, B5, 75] .text ... * 2 .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 0A, B6, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, B9, EA, B5, 75, 00, 00] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, AB, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, A9, B5, 75, 00, ...] 
.text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, A8, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, 79, F3, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, 8C, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 79, 67, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, A6, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, B9, 8F, B5, 75, 00] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdebc090 12 bytes [48, B8, F9, 8D, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, 79, EC, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, F9, EF, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2172] c:\windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb3e22e0 12 bytes [48, B8, F9, A2, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] c:\windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb3e45f8 12 bytes [48, B8, 39, A1, B5, 75, 00, ...] 
.text C:\Windows\System32\svchost.exe[2172] c:\windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb3f3e3c 12 bytes [48, B8, B9, A4, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8 000007fefc8256e0 12 bytes [48, B8, 39, CB, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\System32\DNSAPI.dll!DnsQuery_W 000007fefc83010c 12 bytes [48, B8, 79, C9, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2172] C:\Windows\System32\DNSAPI.dll!DnsQuery_A 000007fefc84daa0 12 bytes [48, B8, B9, C7, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Program 
Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 03, B6, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce 
Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience 
Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 0A, B6, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, 79, 08, B6, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, E3, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, FF, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, E1, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, E8, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, FA, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, FC, B5, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 79, 0F, B6, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, EC, B5, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, AB, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, A9, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, A8, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, 8C, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 79, 67, B5, 75, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, A6, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, B9, 8F, B5, 75, 00] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdebc090 12 bytes [48, B8, F9, 8D, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, 39, EE, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, 79, F3, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc8256e0 12 bytes [48, B8, 39, CB, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc83010c 12 bytes [48, B8, 79, C9, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc84daa0 12 bytes [48, B8, B9, C7, B5, 75, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefe579d90 12 bytes [48, B8, B9, 65, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2212] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefe584581 11 bytes [B8, F9, 63, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 20, B6, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, CB, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 1F, B6, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 
000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, C9, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, FA, B5, 75] .text C:\Program Files\Intel\iCLS 
Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, FC, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] 
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 1D, B6, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, E1, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 26, B6, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 2 bytes [B8, 79] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 4 0000000077250944 8 bytes [B6, 75, 00, 00, 00, 00, 50, ...] 
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, EE, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, FF, B5, 75, 00, ...] 
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, 01, B6, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, 1B, B6, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, CC, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, CE, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, D0, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, EA, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] 
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, 14, B6, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, 03, B6, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, 19, B6, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, 12, B6, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, 16, B6, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, 18, B6, 75] .text ... * 2 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 2D, B6, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] 
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, 08, B6, 75, 00, 00] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] 
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2456] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, 79, 08, B6, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, E3, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, FF, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, E1, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, E8, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, FA, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, FC, B5, 75] .text ... * 2 .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 79, 0F, B6, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, EC, B5, 75, 00, 00] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\system32\IProsetMonitor.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cf1401 2 bytes JMP 7546b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cf1419 2 bytes JMP 7546b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cf1431 2 bytes JMP 754e8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cf144a 2 bytes CALL 7544489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cf14dd 2 bytes JMP 754e8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cf14f5 2 bytes JMP 754e89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cf150d 2 bytes JMP 754e8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cf1525 2 bytes JMP 754e8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cf153d 2 bytes JMP 7545fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cf1555 2 bytes JMP 754668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cf156d 2 bytes JMP 754e8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cf1585 2 bytes JMP 754e8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cf159d 2 bytes JMP 754e86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cf15b5 2 
bytes JMP 7545fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cf15cd 2 bytes JMP 7546b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cf16b2 2 bytes JMP 754e8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cf16bd 2 bytes JMP 754e8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cf1401 2 bytes JMP 7546b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cf1419 2 bytes JMP 7546b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cf1431 2 bytes JMP 754e8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cf144a 2 bytes CALL 7544489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cf14dd 2 bytes JMP 754e8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cf14f5 2 bytes JMP 754e89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cf150d 2 bytes JMP 754e8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cf1525 2 bytes JMP 754e8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cf153d 2 bytes JMP 7545fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cf1555 2 bytes JMP 754668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cf156d 2 bytes JMP 754e8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cf1585 2 bytes JMP 754e8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cf159d 2 bytes JMP 754e86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cf15b5 2 bytes JMP 7545fd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cf15cd 2 bytes JMP 7546b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cf16b2 2 bytes JMP 754e8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cf16bd 2 bytes JMP 754e8671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 03, B6, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text 
C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text 
C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 0A, B6, 75] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2704] 
C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, 79, 08, B6, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, E3, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, FF, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, E1, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] 
.text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\taskhost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, E8, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, FA, B5, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, FC, B5, 75] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 11, B6, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] 
.text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, EC, B5, 75, 00, 00] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[2704] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, B9, 8F, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, F9, 55, B5, 75, 00, 00] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, F9, 5C, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, F9, 8D, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text 
C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 39, 5B, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, F9, 71, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 
75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, B9, 73, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, B9, 5E, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 39, 8C, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, 79, 60, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, F9, 94, B5, 75] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, 39, 69, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, 39, 93, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, 39, 70, B5, 75, 00, 00, ...] 
.text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, B9, 6C, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, B9, 65, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, 39, 77, B5, 75, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, F9, 78, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, 79, 8A, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, 79, 75, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, 79, 83, B5, 75, 00, 00, ...] 
.text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, B9, 88, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, 79, 7C, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, B9, 81, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, F9, 86, B5, 75] .text ... * 2 .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, B9, 9D, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, 79, 59, B5, 75, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, F9, 7F, B5, 75, 00, 00] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, B9, 57, B5, 75, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, F9, 4E, B5, 75, 00, ...] 
.text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 79, 4B, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, 39, 46, B5, 75, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 79, 44, B5, 75, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, 39, 4D, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, F9, 47, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, B9, 49, B5, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] 
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 0000000173785e61 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 0000000173785871 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 00000001737873c1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 00000001737857d9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007764ff0c 5 bytes JMP 00000001737867e1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007764ff70 5 bytes JMP 0000000173783271 .text 
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 0000000173782db1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173785ef9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 0000000173787329 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173785f91 .text C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077651da0 5 bytes JMP 0000000173783439 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077651f34 5 bytes JMP 00000001737874f1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 0000000173787459 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 0000000173783011 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 0000000173786749 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 00000001737864e9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075467327 5 bytes JMP 0000000173782729 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173785dc9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 00000001737863b9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786619 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 00000001737847d1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Program Files 
(x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077018f8d 5 bytes JMP 0000000173781a19 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 0000000173786879 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 0000000173781e41 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786289 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Program 
Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077022ab1 5 bytes JMP 00000001737859a1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173785909 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 0000000173785a39 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000077024608 5 bytes JMP 0000000173783569 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 00000001737869a9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 0000000173786911 .text C:\Program Files 
(x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes JMP 0000000173787291 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 00000001737876b9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000771478e2 5 bytes JMP 0000000173784441 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077147bd3 5 bytes JMP 00000001737843a9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077148a29 5 bytes JMP 0000000173784f89 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771498fd 1 byte JMP 0000000173785c01 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 00000000771498ff 3 bytes {JMP 0xfffffffffc63c304} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007714b6ed 5 bytes JMP 0000000173787751 .text C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007714d22e 5 bytes JMP 0000000173785021 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007714ee09 5 bytes JMP 00000001737834d1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007714ffe6 5 bytes JMP 0000000173785ad1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000771500d9 5 bytes JMP 0000000173785b69 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000771505ba 5 bytes JMP 0000000173784571 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077150dfb 5 bytes JMP 00000001737850b9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000771512a5 5 bytes JMP 0000000173787621 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000771520ec 5 bytes JMP 0000000173785449 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077153baa 5 bytes JMP 0000000173787589 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077155f74 5 bytes JMP 00000001737844d9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077156285 5 bytes JMP 0000000173784bf9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] 
C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077157603 5 bytes JMP 0000000173782be9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077157aee 5 bytes JMP 00000001737853b1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007715835c 5 bytes JMP 0000000173782b51 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007716ce54 5 bytes JMP 00000001737851e9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007716f52b 5 bytes JMP 0000000173784c91 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007716f588 5 bytes JMP 0000000173785c99 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000771710a0 5 bytes JMP 0000000173785151 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007719fcd6 2 bytes JMP 0000000173785281 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 000000007719fcd9 2 bytes [5E, FC] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007719fcfa 5 bytes JMP 0000000173785319 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076718e89 5 bytes JMP 0000000173786b71 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] 
C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076719179 5 bytes JMP 0000000173786a41 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 0000000173787031 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007671c4d2 5 bytes JMP 00000001737871f9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 0000000173786ad9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 0000000173787161 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 0000000173786f99 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 00000001737870c9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 5 bytes JMP 00000001737877e9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] 
C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 0000000173786c09 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000767533cc 5 bytes JMP 0000000173784019 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000767f3918 5 bytes JMP 0000000173785741 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767f3cd3 5 bytes JMP 00000001737856a9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] 
C:\Windows\syswow64\WS2_32.dll!socket 00000000767f3eb8 5 bytes JMP 0000000173786ca1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767f4406 5 bytes JMP 0000000173782139 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767f4889 5 bytes JMP 0000000173784dc1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!recv 00000000767f6b0e 5 bytes JMP 0000000173786e69 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!connect 00000000767f6bdd 1 byte JMP 00000001737841e1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767f6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!send 00000000767f6f01 5 bytes JMP 00000001737820a1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767f7089 5 bytes JMP 0000000173786f01 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767fcc3f 5 bytes JMP 0000000173786dd1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767fd1ea 5 bytes JMP 0000000173784e59 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076807673 5 bytes JMP 0000000173784ef1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075900179 5 bytes JMP 0000000173784d29 .text 
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 00000001737867e1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 00000001737861f1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 0000000173787d41 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 0000000173786159 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007764ff0c 5 bytes JMP 0000000173787161 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007764ff70 5 bytes JMP 0000000173783271 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 0000000173782db1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173786879 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 0000000173787ca9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173786911 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077651da0 5 bytes JMP 0000000173783439 .text C:\Program Files 
(x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077651f34 5 bytes JMP 0000000173787e71 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 0000000173787dd9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 0000000173783011 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] 
C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 00000001737870c9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 0000000173786e69 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075467327 5 bytes JMP 0000000173782729 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173786749 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 0000000173786d39 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786f99 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 00000001737847d1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077018f8d 5 bytes JMP 0000000173781a19 
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 00000001737871f9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 0000000173781e41 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786c09 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077022ab1 5 bytes JMP 0000000173786321 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173786289 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 00000001737863b9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000077024608 5 bytes JMP 0000000173783569 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 0000000173787329 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 0000000173787291 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes JMP 0000000173787c11 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000767f3918 5 bytes JMP 00000001737860c1 .text C:\Program 
Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767f3cd3 5 bytes JMP 0000000173786029 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!socket 00000000767f3eb8 5 bytes JMP 0000000173787621 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767f4406 5 bytes JMP 0000000173782139 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767f4889 5 bytes JMP 0000000173785741 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!recv 00000000767f6b0e 5 bytes JMP 00000001737877e9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!connect 00000000767f6bdd 1 byte JMP 00000001737841e1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767f6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!send 00000000767f6f01 5 bytes JMP 00000001737820a1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767f7089 5 bytes JMP 0000000173787881 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767fcc3f 5 bytes JMP 0000000173787751 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767fd1ea 5 bytes JMP 00000001737857d9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076807673 5 bytes JMP 0000000173785871 .text C:\Program Files (x86)\HTC\Internet 
Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 00000001737880d1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076718e89 5 bytes JMP 00000001737874f1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076719179 5 bytes JMP 00000001737873c1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 00000001737879b1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007671c4d2 5 bytes JMP 0000000173787b79 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 0000000173787459 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 0000000173787ae1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 0000000173787919 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 
0000000173787a49 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 5 bytes JMP 0000000173788169 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 0000000173787589 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000767533cc 5 bytes JMP 0000000173784019 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3016] 
C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 00000001737867e1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 00000001737861f1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 0000000173787ca9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 0000000173786159 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007764ff70 5 bytes JMP 0000000173783271 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 0000000173782db1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173786879 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 0000000173787c11 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173786911 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077651da0 5 bytes JMP 0000000173783439 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 
0000000077651f34 5 bytes JMP 0000000173787dd9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 0000000173787d41 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 0000000173783011 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 00000001737870c9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 0000000173786e69 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] 
C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075467327 5 bytes JMP 0000000173782729 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173786749 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 0000000173786d39 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786f99 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 00000001737847d1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077018f8d 5 bytes JMP 0000000173781a19 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 0000000173787161 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] 
C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 0000000173781e41 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786c09 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077022ab1 5 bytes JMP 0000000173786321 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173786289 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 00000001737863b9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] 
C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000077024608 5 bytes JMP 0000000173783569 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 0000000173787291 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 00000001737871f9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes JMP 0000000173787b79 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 0000000173787fa1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000771478e2 5 bytes JMP 0000000173784441 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!GetMessageA 
0000000077147bd3 5 bytes JMP 00000001737843a9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077148a29 5 bytes JMP 0000000173785909 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771498fd 5 bytes JMP 0000000173786581 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007714b6ed 5 bytes JMP 0000000173788039 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007714d22e 5 bytes JMP 00000001737859a1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007714ee09 5 bytes JMP 00000001737834d1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007714ffe6 5 bytes JMP 0000000173786451 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000771500d9 5 bytes JMP 00000001737864e9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000771505ba 5 bytes JMP 0000000173784571 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077150dfb 5 bytes JMP 0000000173785a39 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000771512a5 5 bytes JMP 0000000173787f09 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000771520ec 5 bytes JMP 0000000173785dc9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077153baa 5 bytes JMP 0000000173787e71 .text 
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077155f74 5 bytes JMP 00000001737844d9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077156285 5 bytes JMP 0000000173784bf9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077157603 5 bytes JMP 0000000173782be9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077157aee 5 bytes JMP 0000000173785d31 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007715835c 5 bytes JMP 0000000173782b51 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007716ce54 5 bytes JMP 0000000173785b69 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007716f52b 5 bytes JMP 0000000173784c91 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007716f588 5 bytes JMP 0000000173786619 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000771710a0 5 bytes JMP 0000000173785ad1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007719fcd6 5 bytes JMP 0000000173785c01 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007719fcfa 5 bytes JMP 0000000173785c99 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076718e89 5 bytes JMP 0000000173787459 .text C:\Program Files 
(x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076719179 5 bytes JMP 0000000173787329 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 0000000173787919 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007671c4d2 5 bytes JMP 0000000173787ae1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 00000001737873c1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 0000000173787a49 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 0000000173787881 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 00000001737879b1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 5 bytes JMP 00000001737880d1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Program Files 
(x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 00000001737874f1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000767533cc 5 bytes JMP 0000000173784019 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075900179 5 bytes JMP 0000000173784d29 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000767f3918 5 bytes JMP 00000001737860c1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767f3cd3 5 bytes JMP 0000000173786029 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!socket 00000000767f3eb8 5 bytes JMP 0000000173787589 .text C:\Program Files (x86)\Malwarebytes 
Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767f4406 5 bytes JMP 0000000173782139 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767f4889 5 bytes JMP 0000000173785741 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!recv 00000000767f6b0e 5 bytes JMP 0000000173787751 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!connect 00000000767f6bdd 1 byte JMP 00000001737841e1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767f6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!send 00000000767f6f01 5 bytes JMP 00000001737820a1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767f7089 5 bytes JMP 00000001737877e9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767fcc3f 5 bytes JMP 00000001737876b9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767fd1ea 5 bytes JMP 00000001737857d9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076807673 5 bytes JMP 0000000173785871 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cf1401 2 bytes JMP 7546b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cf1419 2 bytes JMP 7546b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cf1431 2 bytes JMP 754e8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cf144a 2 bytes CALL 7544489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cf14dd 2 bytes JMP 754e8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cf14f5 2 bytes JMP 754e89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cf150d 2 bytes JMP 754e8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cf1525 2 bytes JMP 754e8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cf153d 2 bytes JMP 7545fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cf1555 2 bytes JMP 754668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cf156d 2 bytes JMP 754e8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cf1585 2 bytes JMP 754e8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] 
C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cf159d 2 bytes JMP 754e86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cf15b5 2 bytes JMP 7545fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cf15cd 2 bytes JMP 7546b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cf16b2 2 bytes JMP 754e8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cf16bd 2 bytes JMP 754e8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 00000000752e2b40 5 bytes JMP 00000001737883c9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 000000007531a490 5 bytes JMP 0000000173784149 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 000000007531ac50 5 bytes JMP 00000001737821d1 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3036] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 000000007539eb50 5 bytes JMP 0000000173782ab9 .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, B9, 06, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, F9, E1, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, B9, E3, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, 39, E0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, 39, FC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 79, FA, B5, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 79, 08, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, B9, EA, B5, 75, 00, 00] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2340] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] 
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, F0, 12, 7A, 01] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2668] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 00000000772cb851 11 bytes [B8, F0, 12, 93, 01, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, B9, 06, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, F9, E1, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, B9, E3, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, 39, E0, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[3508] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, 39, FC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 79, FA, B5, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 79, 08, B6, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, B9, EA, B5, 75, 00, 00] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, AB, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, A9, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, A8, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, 79, F3, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, 8C, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 79, 67, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, A6, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, B9, 8F, B5, 75, 00] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdebc090 12 bytes [48, B8, F9, 8D, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, 79, EC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3508] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, F9, EF, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] 
.text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 03, B6, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] 
C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 
26, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 
bytes [48, B8, 39, 31, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 0A, B6, 75] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, E3, B5, 75, 00, ...] 
.text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, FF, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, E1, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 20, B6, 75, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, CB, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 1F, B6, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] 
C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, C9, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, FA, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, FC, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 1D, B6, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, E1, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 26, B6, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes 
[B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 2 bytes [B8, 79] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 4 0000000077250944 8 bytes [B6, 75, 00, 00, 00, 00, 50, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, EE, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, FF, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, 01, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, 1B, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, CC, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, CE, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, D0, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, EA, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, 14, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, 03, B6, 75, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, 19, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, 12, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, 16, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, 18, B6, 75] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 79, 2B, B6, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, 08, B6, 75, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1416] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] 
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 0000000173785e61 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 0000000173785871 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 00000001737873c1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 00000001737857d9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007764ff0c 5 bytes JMP 00000001737867e1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007764ff70 5 bytes JMP 0000000173783271 .text C:\Program Files (x86)\NVIDIA Corporation\Update 
Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 0000000173782db1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173785ef9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 0000000173787329 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173785f91 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077651da0 5 bytes 
JMP 0000000173783439 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077651f34 5 bytes JMP 00000001737874f1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 0000000173787459 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 0000000173783011 .text C:\Program Files (x86)\NVIDIA 
Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 0000000173786749 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 00000001737864e9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075467327 5 bytes JMP 0000000173782729 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173785dc9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 00000001737863b9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786619 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 00000001737847d1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] 
C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077018f8d 5 bytes JMP 0000000173781a19 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 0000000173786879 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 0000000173781e41 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786289 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 
0000000077022ab1 5 bytes JMP 00000001001df046 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173785909 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 0000000173785a39 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000077024608 5 bytes JMP 0000000173783569 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 00000001737869a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 0000000173786911 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes JMP 0000000173787291 .text C:\Program Files 
(x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 00000001737876b9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000767f3918 5 bytes JMP 0000000173785741 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767f3cd3 5 bytes JMP 00000001737856a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!socket 00000000767f3eb8 5 bytes JMP 0000000173786ca1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767f4406 5 bytes JMP 0000000173782139 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767f4889 5 bytes JMP 0000000173784dc1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!recv 00000000767f6b0e 5 bytes JMP 0000000173786e69 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!connect 00000000767f6bdd 1 byte JMP 00000001737841e1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767f6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!send 00000000767f6f01 5 bytes JMP 00000001737820a1 .text C:\Program Files 
(x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767f7089 5 bytes JMP 0000000173786f01 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767fcc3f 5 bytes JMP 0000000173786dd1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767fd1ea 5 bytes JMP 0000000173784e59 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076807673 5 bytes JMP 0000000173784ef1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000771478e2 5 bytes JMP 0000000173784441 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077147bd3 5 bytes JMP 00000001737843a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077148a29 5 bytes JMP 0000000173784f89 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771498fd 1 byte JMP 0000000173785c01 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 00000000771498ff 3 bytes {JMP 0xfffffffffc63c304} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007714b6ed 5 bytes JMP 00000001737877e9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007714d22e 5 bytes JMP 0000000173785021 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!SetWinEventHook 
000000007714ee09 5 bytes JMP 00000001737834d1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007714ffe6 5 bytes JMP 0000000173785ad1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000771500d9 5 bytes JMP 0000000173785b69 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000771505ba 5 bytes JMP 0000000173784571 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077150dfb 5 bytes JMP 00000001737850b9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000771512a5 5 bytes JMP 0000000173787621 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000771520ec 5 bytes JMP 0000000173785449 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077153baa 5 bytes JMP 0000000173787589 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077155f74 5 bytes JMP 00000001737844d9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077156285 5 bytes JMP 0000000173784bf9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077157603 5 bytes JMP 0000000173782be9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077157aee 5 bytes JMP 00000001737853b1 .text C:\Program Files (x86)\NVIDIA Corporation\Update 
Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007715835c 5 bytes JMP 0000000173782b51 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007716ce54 5 bytes JMP 00000001737851e9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007716f52b 5 bytes JMP 0000000173784c91 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007716f588 5 bytes JMP 0000000173785c99 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000771710a0 5 bytes JMP 0000000173785151 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007719fcd6 2 bytes JMP 0000000173785281 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 000000007719fcd9 2 bytes [5E, FC] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007719fcfa 5 bytes JMP 0000000173785319 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076718e89 5 bytes JMP 0000000173786b71 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076719179 5 bytes JMP 0000000173786a41 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 0000000173787031 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 
000000007671c4d2 5 bytes JMP 00000001737871f9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 0000000173786ad9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 0000000173787161 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 0000000173786f99 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 00000001737870c9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 5 bytes JMP 0000000173787881 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Program Files 
(x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 0000000173786c09 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000767533cc 5 bytes JMP 0000000173784019 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3980] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075900179 5 bytes JMP 0000000173784d29 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 03, B6, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] 
C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Program 
Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Program 
Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, 
B9, 3B, B5, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 0A, B6, 75] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, 79, 08, B6, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, E3, B5, 75, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, FF, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, E1, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, E8, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, FA, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, FC, B5, 75] .text ... 
* 2 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 11, B6, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, EC, B5, 75, 00, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3652] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, F0, 12, 2C, 02] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3660] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 00000000772cb851 11 bytes [B8, F0, 12, 48, 02, 00, 00, ...] 
.text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007764f93c 5 bytes JMP 0000000173787291 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 00000001737867e1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 00000001737861f1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 0000000173787dd9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 0000000173786159 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007764ff0c 5 bytes JMP 0000000173787161 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007764ff70 5 bytes JMP 0000000173783271 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 
0000000173782db1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173786879 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 0000000173787d41 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173786911 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077651da0 5 bytes JMP 0000000173783439 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077651f34 5 bytes JMP 0000000173787f09 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 
0000000173787e71 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 0000000173783011 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 00000001737870c9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 0000000173786e69 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075467327 5 bytes JMP 0000000173782729 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173786749 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 0000000173786d39 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786f99 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] 
C:\Windows\syswow64\kernel32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 00000001737847d1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077018f8d 5 bytes JMP 0000000173781a19 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 00000001737871f9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 0000000173781e41 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786c09 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Programy\Modecom 
GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077022ab1 5 bytes JMP 0000000173786321 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173786289 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 00000001737863b9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000077024608 5 bytes JMP 0000000173783569 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 00000001737873c1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 0000000173787329 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes JMP 0000000173787ca9 .text 
C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000771478e2 5 bytes JMP 0000000173784441 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077147bd3 5 bytes JMP 00000001737843a9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077148a29 5 bytes JMP 0000000173785909 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771498fd 5 bytes JMP 0000000173786581 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007714b6ed 5 bytes JMP 00000001737880d1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007714d22e 5 bytes JMP 00000001737859a1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007714ee09 5 bytes JMP 00000001737834d1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007714ffe6 5 bytes JMP 0000000173786451 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000771500d9 5 bytes JMP 00000001737864e9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000771505ba 5 bytes JMP 0000000173784571 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077150dfb 5 bytes JMP 0000000173785a39 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000771512a5 5 bytes JMP 0000000173788039 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000771520ec 5 bytes JMP 0000000173785dc9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077153baa 5 bytes JMP 0000000173787fa1 .text C:\Programy\Modecom 
GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077155f74 5 bytes JMP 00000001737844d9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077156285 5 bytes JMP 0000000173784bf9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077157603 5 bytes JMP 0000000173782be9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077157aee 5 bytes JMP 0000000173785d31 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007715835c 5 bytes JMP 0000000173782b51 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007716ce54 5 bytes JMP 0000000173785b69 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007716f52b 5 bytes JMP 0000000173784c91 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007716f588 5 bytes JMP 0000000173786619 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000771710a0 5 bytes JMP 0000000173785ad1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007719fcd6 5 bytes JMP 0000000173785c01 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007719fcfa 5 bytes JMP 0000000173785c99 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 0000000173788169 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Programy\Modecom 
GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076718e89 5 bytes JMP 0000000173787589 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076719179 5 bytes JMP 0000000173787459 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 0000000173787a49 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007671c4d2 5 bytes JMP 0000000173787c11 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 00000001737874f1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 0000000173787b79 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 00000001737879b1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 0000000173787ae1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 5 bytes JMP 0000000173788201 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text 
C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 0000000173787621 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000767533cc 5 bytes JMP 0000000173784019 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 .text C:\Programy\Modecom GMX1\Monitor.EXE[3604] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075900179 5 bytes JMP 0000000173784d29 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, F9, 04, B6, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 39, 03, B6, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007749dfc0 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007749dfc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 39, E0, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007749f480 6 bytes [48, B8, 39, 0A, B6, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007749f488 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, 79, 08, B6, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, B9, E3, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, B9, FF, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, F9, E1, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, F9, E8, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, 79, FA, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 39, FC, B5, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 79, 0F, B6, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, 79, EC, B5, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, AB, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, A9, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, A8, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, 8C, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 79, 67, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, A6, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, B9, 8F, B5, 75, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdebc090 12 bytes [48, B8, F9, 8D, B5, 75, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, 39, EE, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, 79, F3, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc8256e0 12 bytes [48, B8, 39, CB, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc83010c 12 bytes [48, B8, 79, C9, B5, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4140] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc84daa0 12 bytes [48, B8, B9, C7, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, 39, 03, B6, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text 
C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, B9, FF, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, B9, 06, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, F9, E1, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, B9, E3, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, 39, E0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, 39, FC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 79, FA, B5, 75] .text ... 
* 2 .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, 39, 0A, B6, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, B9, EA, B5, 75, 00, 00] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, AB, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, A9, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, A8, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, 79, F3, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, 8C, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 79, 67, B5, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, A6, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, B9, 8F, B5, 75, 00] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdebc090 12 bytes [48, B8, F9, 8D, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, 79, EC, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, F9, EF, B5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb3e22e0 12 bytes [48, B8, F9, A2, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb3e45f8 12 bytes [48, B8, 39, A1, B5, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4132] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb3f3e3c 12 bytes [48, B8, B9, A4, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077478731 11 bytes [B8, 39, 03, B6, 75, 00, 00, ...] 
.text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077486761 7 bytes [B8, 39, 69, B5, 75, 00, 00] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 000000007748676a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007749dca0 6 bytes [48, B8, 79, C2, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007749dca8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007749dd70 6 bytes [48, B8, 39, AF, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007749dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007749ddc0 6 bytes [48, B8, 79, 01, B6, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007749ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749de10 6 bytes [48, B8, F9, 32, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749de18 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749de30 6 bytes [48, B8, 39, 1C, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749de38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749de50 6 bytes [48, B8, F9, 1D, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749de58 4 bytes [00, 00, 50, C3] .text 
C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007749de70 6 bytes [48, B8, 79, AD, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007749de78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007749df50 6 bytes [48, B8, 79, 2F, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007749df58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007749df70 6 bytes [48, B8, 79, 36, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007749df78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007749e000 6 bytes [48, B8, B9, 34, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007749e008 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007749e080 6 bytes [48, B8, 39, 2A, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007749e088 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007749e090 6 bytes [48, B8, B9, 26, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007749e098 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749e100 6 bytes [48, B8, 79, DE, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749e108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007749e5d0 6 bytes [48, B8, 79, 28, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007749e5d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007749e630 6 bytes [48, B8, F9, 24, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007749e638 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007749e9a0 6 bytes [48, B8, 39, C4, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007749e9a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749eb70 6 bytes [48, B8, B9, FF, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749eb78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007749eee0 6 bytes [48, B8, 79, 83, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007749eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007749f0e0 6 bytes [48, B8, 39, 31, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007749f0e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007749f2a0 6 bytes [48, B8, F9, C5, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007749f2a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007749f380 6 bytes [48, B8, 79, 3D, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007749f388 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007749f390 6 bytes [48, B8, B9, 3B, B5, 75] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007749f398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007750ed21 11 bytes [B8, 39, 85, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, B9, C0, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, B9, D5, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724dbc0 12 bytes [48, B8, B9, 2D, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250941 11 bytes [B8, B9, 06, B6, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077285321 11 bytes [B8, B9, 7A, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285341 11 bytes [B8, 39, 77, B5, 75, 00, 00, ...] 
.text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a650 12 bytes [48, B8, B9, 81, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a760 12 bytes [48, B8, 39, 7E, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf501 11 bytes [B8, B9, DC, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf701 11 bytes [B8, 39, D9, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf731 8 bytes [B8, 39, D2, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf73a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd231861 11 bytes [B8, 79, 52, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2330f1 11 bytes [B8, 39, B6, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd235200 12 bytes [48, B8, F9, E1, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd235b91 11 bytes [B8, B9, E3, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd238c00 12 bytes [48, B8, B9, 50, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd239531 11 bytes [B8, F9, FD, B5, 75, 00, 00, ...] 
.text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd239e71 11 bytes [B8, 39, E0, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd23b591 11 bytes [B8, F9, B0, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd242361 11 bytes [B8, F9, 4E, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd24a590 12 bytes [48, B8, B9, B2, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd24ac01 11 bytes [B8, 79, B4, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd2642e0 12 bytes [48, B8, B9, 42, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd270ba1 11 bytes [B8, B9, CE, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd272801 8 bytes [B8, 39, 23, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd27280a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd272841 11 bytes [B8, F9, 40, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdc0642d 11 bytes [B8, 39, 5B, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdc06484 12 bytes [48, B8, F9, 55, B5, 75, 00, ...] 
.text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdc06519 11 bytes [B8, 39, 62, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdc06c34 12 bytes [48, B8, 39, 54, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdc07ab5 11 bytes [B8, F9, 5C, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdc08b01 11 bytes [B8, B9, 57, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdc08c39 11 bytes [B8, 79, 59, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, AB, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, A9, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, A8, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, 79, F3, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, 8C, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 79, 67, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, A6, B5, 75, 00, 00, ...] 
.text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, B9, 8F, B5, 75, 00] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdebc090 12 bytes [48, B8, F9, 8D, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, 79, EC, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, B9, F1, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, F9, EF, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe3fae81 11 bytes [B8, F9, F6, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe3faee1 11 bytes [B8, 79, E5, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe3fe6e9 11 bytes [B8, 39, FC, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe40048d 11 bytes [B8, 39, E7, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe400579 11 bytes [B8, 39, F5, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe4005b1 11 bytes [B8, B9, F8, B5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe4005f9 5 bytes [B8, 79, FA, B5, 75] .text ... 
* 2 .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe414e21 11 bytes [B8, F9, 0B, B6, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe415538 12 bytes [48, B8, B9, 6C, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe42b9c1 7 bytes [B8, B9, EA, B5, 75, 00, 00] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe42b9ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe42ba4c 12 bytes [48, B8, F9, 6A, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe42bbc0 12 bytes [48, B8, 79, 60, B5, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4460] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe42bc2c 12 bytes [48, B8, B9, 5E, B5, 75, 00, ...] 
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 00000001737867e1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 00000001737861f1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 0000000173787d41 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 0000000173786159 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007764ff0c 5 bytes JMP 0000000173787161 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 
000000007764ff70 5 bytes JMP 0000000173783271 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 0000000173782db1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173786879 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 0000000173787ca9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] 
C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173786911 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077651da0 5 bytes JMP 0000000173783439 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077651f34 5 bytes JMP 0000000173787e71 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 0000000173787dd9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Program Files\Intel\Intel(R) Rapid 
Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 0000000173783011 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 00000001737870c9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 0000000173786e69 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 0000000075467327 5 bytes JMP 0000000173782729 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173786749 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 0000000173786d39 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786f99 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 
00000001737847d1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077018f8d 5 bytes JMP 0000000173781a19 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 00000001737871f9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 0000000173781e41 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786c09 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] 
C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077022ab1 5 bytes JMP 0000000173786321 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173786289 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 00000001737863b9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000077024608 5 bytes JMP 0000000173783569 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 0000000173787329 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 0000000173787291 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes JMP 0000000173787c11 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076718e89 5 bytes JMP 00000001737874f1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076719179 5 bytes JMP 00000001737873c1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 00000001737879b1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007671c4d2 5 bytes JMP 0000000173787b79 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 0000000173787459 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 0000000173787ae1 .text 
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 0000000173787919 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 0000000173787a49 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 5 bytes JMP 0000000173788039 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 0000000173787589 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 
00000000767533cc 5 bytes JMP 0000000173784019 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 00000001737880d1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000771478e2 5 bytes JMP 0000000173784441 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077147bd3 5 bytes JMP 00000001737843a9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077148a29 5 bytes JMP 0000000173785909 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771498fd 5 bytes JMP 0000000173786581 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] 
C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007714b6ed 5 bytes JMP 0000000173788169 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007714d22e 5 bytes JMP 00000001737859a1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007714ee09 5 bytes JMP 00000001737834d1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007714ffe6 5 bytes JMP 0000000173786451 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000771500d9 5 bytes JMP 00000001737864e9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000771505ba 5 bytes JMP 0000000173784571 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077150dfb 5 bytes JMP 0000000173785a39 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000771512a5 5 bytes JMP 0000000173787fa1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000771520ec 5 bytes JMP 0000000173785dc9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077153baa 5 bytes JMP 0000000173787f09 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077155f74 5 bytes JMP 00000001737844d9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] 
C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077156285 5 bytes JMP 0000000173784bf9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077157603 5 bytes JMP 0000000173782be9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077157aee 5 bytes JMP 0000000173785d31 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007715835c 5 bytes JMP 0000000173782b51 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007716ce54 5 bytes JMP 0000000173785b69 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007716f52b 5 bytes JMP 0000000173784c91 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007716f588 5 bytes JMP 0000000173786619 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000771710a0 5 bytes JMP 0000000173785ad1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007719fcd6 5 bytes JMP 0000000173785c01 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007719fcfa 5 bytes JMP 0000000173785c99 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000767f3918 5 bytes JMP 00000001737860c1 .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767f3cd3 5 bytes JMP 0000000173786029 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!socket 00000000767f3eb8 5 bytes JMP 0000000173787621 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767f4406 5 bytes JMP 0000000173782139 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767f4889 5 bytes JMP 0000000173785741 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!recv 00000000767f6b0e 5 bytes JMP 00000001737877e9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!connect 00000000767f6bdd 1 byte JMP 00000001737841e1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767f6bdf 3 bytes {CALL RBP} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!send 00000000767f6f01 5 bytes JMP 00000001737820a1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767f7089 5 bytes JMP 0000000173787881 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767fcc3f 5 bytes JMP 0000000173787751 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767fd1ea 5 bytes JMP 00000001737857d9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] 
C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076807673 5 bytes JMP 0000000173785871 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 00000000752e2b40 5 bytes JMP 0000000173788299 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 000000007531a490 5 bytes JMP 0000000173784149 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 000000007531ac50 5 bytes JMP 00000001737821d1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 000000007539eb50 5 bytes JMP 0000000173782ab9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5552] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075900179 5 bytes JMP 0000000173784d29 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 00000001737867e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 00000001737861f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 0000000173787d41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 
000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 0000000173786159 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007764ff0c 5 bytes JMP 0000000173787161 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007764ff70 5 bytes JMP 0000000173783271 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 0000000173782db1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] 
C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173786879 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 0000000173787ca9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173786911 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077651da0 5 bytes JMP 0000000173783439 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077651f34 5 bytes JMP 0000000173787e71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 0000000173787dd9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 
0000000173783011 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 00000001737870c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 0000000173786e69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075467327 5 bytes JMP 0000000173782729 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173786749 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 0000000173786d39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786f99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 00000001737847d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] 
C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077018f8d 5 bytes JMP 0000000173781a19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 00000001737871f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 0000000173781e41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786c09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077022ab1 5 bytes JMP 0000000173786321 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173786289 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 00000001737863b9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000077024608 5 bytes JMP 0000000173783569 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 0000000173787329 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 0000000173787291 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes JMP 0000000173787c11 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 0000000173788039 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076718e89 5 bytes JMP 00000001737874f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 
0000000076719179 5 bytes JMP 00000001737873c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 00000001737879b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007671c4d2 5 bytes JMP 0000000173787b79 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 0000000173787459 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 0000000173787ae1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 0000000173787919 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 0000000173787a49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 5 bytes JMP 00000001737880d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 0000000173787589 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000767533cc 5 bytes JMP 0000000173784019 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000771478e2 5 bytes JMP 0000000173784441 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077147bd3 5 bytes JMP 00000001737843a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077148a29 5 bytes JMP 0000000173785909 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771498fd 5 bytes JMP 0000000173786581 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007714b6ed 5 bytes JMP 0000000173788169 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007714d22e 5 bytes JMP 00000001737859a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007714ee09 5 bytes JMP 00000001737834d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007714ffe6 5 bytes JMP 0000000173786451 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000771500d9 5 bytes JMP 00000001737864e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000771505ba 5 bytes JMP 
0000000173784571 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077150dfb 5 bytes JMP 0000000173785a39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000771512a5 5 bytes JMP 0000000173787fa1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000771520ec 5 bytes JMP 0000000173785dc9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077153baa 5 bytes JMP 0000000173787f09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077155f74 5 bytes JMP 00000001737844d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077156285 5 bytes JMP 0000000173784bf9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077157603 5 bytes JMP 0000000173782be9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077157aee 5 bytes JMP 0000000173785d31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007715835c 5 bytes JMP 0000000173782b51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 
000000007716ce54 5 bytes JMP 0000000173785b69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007716f52b 5 bytes JMP 0000000173784c91 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007716f588 5 bytes JMP 0000000173786619 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000771710a0 5 bytes JMP 0000000173785ad1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007719fcd6 5 bytes JMP 0000000173785c01 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3828] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007719fcfa 5 bytes JMP 0000000173785c99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 00000001737867e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 00000001737861f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 0000000173787d41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 
000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 0000000173786159 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007764ff0c 5 bytes JMP 0000000173787161 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007764ff70 5 bytes JMP 0000000173783271 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 0000000173782db1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173786879 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 0000000173787ca9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173786911 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077651da0 5 bytes JMP 0000000173783439 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077651f34 5 bytes JMP 0000000173787e71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] 
C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 0000000173787dd9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 0000000173783011 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 00000001737870c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] 
C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 0000000173786e69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075467327 5 bytes JMP 0000000173782729 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173786749 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 0000000173786d39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786f99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 00000001737847d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 
0000000077018f8d 5 bytes JMP 0000000173781a19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 00000001737871f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 0000000173781e41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786c09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077022ab1 5 bytes JMP 0000000173786321 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173786289 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 00000001737863b9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000077024608 5 bytes JMP 0000000173783569 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 0000000173787329 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 0000000173787291 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes JMP 0000000173787c11 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000771478e2 5 bytes JMP 0000000173784441 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077147bd3 5 bytes JMP 00000001737843a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077148a29 5 bytes JMP 0000000173785909 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771498fd 5 bytes JMP 0000000173786581 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007714b6ed 5 bytes JMP 0000000173788039 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007714d22e 5 bytes JMP 00000001737859a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007714ee09 5 bytes JMP 00000001737834d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007714ffe6 5 bytes JMP 0000000173786451 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] 
C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000771500d9 5 bytes JMP 00000001737864e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000771505ba 5 bytes JMP 0000000173784571 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077150dfb 5 bytes JMP 0000000173785a39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000771512a5 5 bytes JMP 0000000173787fa1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000771520ec 5 bytes JMP 0000000173785dc9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077153baa 5 bytes JMP 0000000173787f09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077155f74 5 bytes JMP 00000001737844d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077156285 5 bytes JMP 0000000173784bf9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077157603 5 bytes JMP 0000000173782be9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077157aee 5 bytes JMP 0000000173785d31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007715835c 5 bytes JMP 0000000173782b51 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007716ce54 5 bytes JMP 0000000173785b69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007716f52b 5 bytes JMP 0000000173784c91 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007716f588 5 bytes JMP 0000000173786619 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000771710a0 5 bytes JMP 0000000173785ad1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007719fcd6 5 bytes JMP 0000000173785c01 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007719fcfa 5 bytes JMP 0000000173785c99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 00000001737880d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076718e89 5 bytes JMP 00000001737874f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076719179 5 bytes JMP 00000001737873c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 00000001737879b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007671c4d2 5 bytes JMP 0000000173787b79 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 0000000173787459 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 0000000173787ae1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 0000000173787919 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 0000000173787a49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] 
C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 5 bytes JMP 0000000173788169 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 0000000173787589 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000767533cc 5 bytes JMP 0000000173784019 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!closesocket 
00000000767f3918 5 bytes JMP 00000001737860c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767f3cd3 5 bytes JMP 0000000173786029 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!socket 00000000767f3eb8 5 bytes JMP 0000000173787621 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767f4406 5 bytes JMP 0000000173782139 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767f4889 5 bytes JMP 0000000173785741 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!recv 00000000767f6b0e 5 bytes JMP 00000001737877e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!connect 00000000767f6bdd 1 byte JMP 00000001737841e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767f6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!send 00000000767f6f01 5 bytes JMP 00000001737820a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767f7089 5 bytes JMP 0000000173787881 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767fcc3f 5 bytes JMP 0000000173787751 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] 
C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767fd1ea 5 bytes JMP 00000001737857d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5740] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076807673 5 bytes JMP 0000000173785871 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 00000001737867e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 00000001737861f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 0000000173787d41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 0000000173786159 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007764ff0c 5 bytes JMP 0000000173787161 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007764ff70 5 bytes JMP 0000000173783271 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 0000000173782db1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173786879 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 0000000173787ca9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173786911 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077651da0 5 bytes JMP 0000000173783439 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077651f34 5 bytes JMP 0000000173787e71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 0000000173787dd9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 
0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 0000000173783011 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 00000001737870c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 0000000173786e69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075467327 5 bytes JMP 0000000173782729 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173786749 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 0000000173786d39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786f99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 00000001737847d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077018f8d 5 bytes JMP 0000000173781a19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 00000001737871f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 0000000173781e41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786c09 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077022ab1 5 bytes JMP 0000000173786321 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173786289 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 00000001737863b9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 
0000000077024608 5 bytes JMP 0000000173783569 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 0000000173787329 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 0000000173787291 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes JMP 0000000173787c11 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000767f3918 5 bytes JMP 00000001737860c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767f3cd3 5 bytes JMP 0000000173786029 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!socket 00000000767f3eb8 5 bytes JMP 0000000173787621 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767f4406 5 bytes JMP 0000000173782139 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767f4889 5 bytes JMP 0000000173785741 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] 
C:\Windows\syswow64\WS2_32.dll!recv 00000000767f6b0e 5 bytes JMP 00000001737877e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!connect 00000000767f6bdd 1 byte JMP 00000001737841e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767f6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!send 00000000767f6f01 5 bytes JMP 00000001737820a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767f7089 5 bytes JMP 0000000173787881 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767fcc3f 5 bytes JMP 0000000173787751 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767fd1ea 5 bytes JMP 00000001737857d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076807673 5 bytes JMP 0000000173785871 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 00000001737880d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 
0000000076718e89 5 bytes JMP 00000001737874f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076719179 5 bytes JMP 00000001737873c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 00000001737879b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007671c4d2 5 bytes JMP 0000000173787b79 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 0000000173787459 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 0000000173787ae1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 0000000173787919 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 0000000173787a49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 5 bytes JMP 0000000173788169 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 0000000173787589 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000767533cc 5 bytes JMP 0000000173784019 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000771478e2 5 bytes JMP 0000000173784441 .text 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077147bd3 5 bytes JMP 00000001737843a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077148a29 5 bytes JMP 0000000173785909 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771498fd 5 bytes JMP 0000000173786581 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007714b6ed 5 bytes JMP 0000000173788201 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007714d22e 5 bytes JMP 00000001737859a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007714ee09 5 bytes JMP 00000001737834d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007714ffe6 5 bytes JMP 0000000173786451 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000771500d9 5 bytes JMP 00000001737864e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000771505ba 5 bytes JMP 0000000173784571 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077150dfb 5 bytes JMP 0000000173785a39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000771512a5 5 bytes JMP 
0000000173787fa1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000771520ec 5 bytes JMP 0000000173785dc9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077153baa 5 bytes JMP 0000000173787f09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077155f74 5 bytes JMP 00000001737844d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077156285 5 bytes JMP 0000000173784bf9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077157603 5 bytes JMP 0000000173782be9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077157aee 5 bytes JMP 0000000173785d31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007715835c 5 bytes JMP 0000000173782b51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007716ce54 5 bytes JMP 0000000173785b69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007716f52b 5 bytes JMP 0000000173784c91 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007716f588 5 bytes JMP 0000000173786619 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] 
C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000771710a0 5 bytes JMP 0000000173785ad1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007719fcd6 5 bytes JMP 0000000173785c01 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007719fcfa 5 bytes JMP 0000000173785c99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4472] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075900179 5 bytes JMP 0000000173784d29 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007764f93c 5 bytes JMP 0000000173786911 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007764fa2c 5 bytes JMP 0000000173785e61 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007764fb74 5 bytes JMP 0000000173785871 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007764fbf4 5 bytes JMP 0000000173787459 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007764fc6c 5 bytes JMP 00000001737831d9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007764fc9c 5 bytes JMP 00000001737815f1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007764fccc 5 bytes JMP 0000000173781689 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fcfc 5 bytes JMP 00000001737857d9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007764fe60 5 bytes JMP 00000001737830a9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] 
C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007764fe90 5 bytes JMP 0000000173783309 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007764ff0c 5 bytes JMP 00000001737867e1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007764ff70 5 bytes JMP 0000000173783271 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077650038 5 bytes JMP 0000000173782ee1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077650050 5 bytes JMP 0000000173782db1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077650100 5 bytes JMP 0000000173781ed9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077650210 5 bytes JMP 0000000173782301 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077650860 5 bytes JMP 0000000173782e49 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776508f0 5 bytes JMP 0000000173782d19 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077650e40 5 bytes JMP 0000000173785ef9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 000000007765110c 5 bytes JMP 00000001737873c1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077651650 5 bytes JMP 0000000173784ac9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 000000007765196c 5 bytes JMP 0000000173783141 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077651c30 5 bytes JMP 0000000173785f91 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 
0000000077651da0 5 bytes JMP 0000000173783439 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077651dbc 5 bytes JMP 00000001737833a1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077651f34 5 bytes JMP 0000000173787589 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077664964 5 bytes JMP 0000000173781ab1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077670fe1 5 bytes JMP 00000001737874f1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077690f4b 5 bytes JMP 0000000173782009 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000776d88cf 5 bytes JMP 0000000173784b61 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000776deb6b 5 bytes JMP 0000000173781f71 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075440e00 5 bytes JMP 0000000173781da9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075441072 5 bytes JMP 0000000173782a21 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007544498f 5 bytes JMP 00000001737825f9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075453bab 5 bytes JMP 0000000173783011 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075459aa4 5 bytes JMP 0000000173786749 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075459b05 5 bytes JMP 00000001737864e9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 
0000000075467327 5 bytes JMP 0000000173782729 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000754688da 5 bytes JMP 0000000173785dc9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007546ccb1 5 bytes JMP 00000001737863b9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007546ccd1 5 bytes JMP 0000000173786619 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!WinExec 00000000754c3051 5 bytes JMP 00000001737828f1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000754e751b 5 bytes JMP 00000001737846a1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000754e753e 5 bytes JMP 00000001737847d1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000754e78e9 5 bytes JMP 0000000173784901 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000754e7962 5 bytes JMP 0000000173784a31 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000077018f8d 5 bytes JMP 0000000173781a19 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007701c436 5 bytes JMP 0000000173783b59 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007701d0af 5 bytes JMP 0000000173786879 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007701eca6 5 bytes JMP 0000000173783601 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007701f206 5 bytes JMP 0000000173782399 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007701fa89 5 bytes JMP 
0000000173781e41 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007701fbb7 5 bytes JMP 0000000173786289 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000077021358 5 bytes JMP 0000000173783ac1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007702137f 5 bytes JMP 0000000173783a29 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077021d29 5 bytes JMP 0000000173781981 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000077021e15 5 bytes JMP 00000001737824c9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077022ab1 5 bytes JMP 00000001737859a1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000077022cd9 5 bytes JMP 0000000173785909 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077022d17 5 bytes JMP 0000000173785a39 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000077022e7a 5 bytes JMP 00000001737818e9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000077023b70 5 bytes JMP 0000000173782269 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000077024496 5 bytes JMP 0000000173782431 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000077024608 5 bytes JMP 0000000173783569 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000077024631 5 bytes JMP 0000000173782c81 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007702a211 5 bytes JMP 0000000173786a41 .text 
C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007702a4fa 5 bytes JMP 00000001737869a9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007702c734 5 bytes JMP 00000001737827c1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007702e29d 5 bytes JMP 0000000173787329 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076718e89 5 bytes JMP 0000000173786c09 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076719179 5 bytes JMP 0000000173786ad9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076719186 5 bytes JMP 00000001737870c9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007671c4d2 5 bytes JMP 0000000173787291 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007671c9ec 5 bytes JMP 0000000173783c89 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007671deb4 5 bytes JMP 0000000173786b71 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007671ded6 5 bytes JMP 00000001737871f9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007671deee 5 bytes JMP 0000000173787031 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007671df1e 5 bytes JMP 0000000173787161 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076722b50 5 bytes JMP 0000000173783bf1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000767235fc 5 bytes JMP 00000001737840b1 .text 
C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007672494d 1 byte JMP 0000000173787751 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224 000000007672494f 3 bytes {JMP 0xfffffffffd062e04} .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076737154 5 bytes JMP 0000000173784311 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!ControlService 000000007673716c 5 bytes JMP 0000000173783e51 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076737184 5 bytes JMP 0000000173783ee9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000767377cb 5 bytes JMP 0000000173786ca1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000767533bc 5 bytes JMP 0000000173783f81 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000767533cc 5 bytes JMP 0000000173784019 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000767533dc 5 bytes JMP 0000000173783d21 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000767533ec 5 bytes JMP 0000000173783db9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 000000007675342c 5 bytes JMP 0000000173784279 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007504a472 5 bytes JMP 00000001737877e9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750527ce 5 bytes JMP 0000000173781be1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007505e6cf 5 bytes JMP 0000000173781b49 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] 
C:\Windows\syswow64\USER32.dll!GetMessageW 00000000771478e2 5 bytes JMP 0000000173784441 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077147bd3 5 bytes JMP 00000001737843a9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077148a29 5 bytes JMP 0000000173784f89 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000771498fd 1 byte JMP 0000000173785c01 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 00000000771498ff 3 bytes {JMP 0xfffffffffc63c304} .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007714b6ed 5 bytes JMP 0000000173787881 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007714d22e 5 bytes JMP 0000000173785021 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007714ee09 5 bytes JMP 00000001737834d1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007714ffe6 5 bytes JMP 0000000173785ad1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000771500d9 5 bytes JMP 0000000173785b69 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000771505ba 5 bytes JMP 0000000173784571 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077150dfb 5 bytes JMP 00000001737850b9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000771512a5 5 bytes JMP 00000001737876b9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000771520ec 5 bytes JMP 0000000173785449 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077153baa 5 bytes JMP 
0000000173787621 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077155f74 5 bytes JMP 00000001737844d9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077156285 5 bytes JMP 0000000173784bf9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077157603 5 bytes JMP 0000000173782be9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077157aee 5 bytes JMP 00000001737853b1 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007715835c 5 bytes JMP 0000000173782b51 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007716ce54 5 bytes JMP 00000001737851e9 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007716f52b 5 bytes JMP 0000000173784c91 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007716f588 5 bytes JMP 0000000173785c99 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000771710a0 5 bytes JMP 0000000173785151 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007719fcd6 2 bytes JMP 0000000173785281 .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 000000007719fcd9 2 bytes [5E, FC] .text C:\Users\Ja\Desktop\13e48xtt.exe[2088] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007719fcfa 5 bytes JMP 0000000173785319 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\drivers\vpgua.sys fffff88000de6000-fffff88000dfc000 (90112 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5048:4808] 000007fefdc30168 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5048:4428] 
000007fefa212bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5048:4768] 000007fee67ccf60 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5048:4760] 000007feeff35124 ---- Processes - GMER 2.1 ---- Library \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [156] (FILE NOT FOUND) 000007fefb680000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet002\Control@PreshutdownOrder wuauserv?gpsvc?trustedinstaller? Reg HKLM\SYSTEM\ControlSet002\Control@WaitToKillServiceTimeout 12000 Reg HKLM\SYSTEM\ControlSet002\Control@CurrentUser USERNAME Reg HKLM\SYSTEM\ControlSet002\Control@BootDriverFlags 0 Reg HKLM\SYSTEM\ControlSet002\Control@ServiceControlManagerExtension %systemroot%\system32\scext.dll Reg HKLM\SYSTEM\ControlSet002\Control@SystemStartOptions NOEXECUTE=OPTIN Reg HKLM\SYSTEM\ControlSet002\Control@SystemBootDevice multi(0)disk(0)rdisk(0)partition(2) Reg HKLM\SYSTEM\ControlSet002\Control@FirmwareBootDevice multi(0)disk(0)rdisk(0)partition(1) Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@CriticalSectionTimeout 2592000 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@GlobalFlag 0 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapDeCommitFreeBlockThreshold 0 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapDeCommitTotalFreeThreshold 0 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapSegmentCommit 0 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapSegmentReserve 0 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ProcessorControl 2 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ResourceTimeoutCount 648000 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@BootExecute autocheck autochk *? Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ExcludeFromKnownDlls Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ObjectDirectories \Windows?\RPC Control? 
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ProtectionMode 1 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@NumberOfInitialSessions 2 Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@SetupExecute Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@PendingFileRenameOperations \??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\cleanup.old??\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware??\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.old?? Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GOG.com\Wiedźmin 3® - Dziki Gon\Usuń Wiedźmin 3® - Dziki Gon.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Wiedźmin 3® - Dziki Gon\Usuń Wiedźmin 3® - Dziki Gon.lnk 1 ---- EOF - GMER 2.1 ----