GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-11 16:52:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZRX-00A8LB0 rev.01.01A01 931,51GB Running: 5q0v8tkz.exe; Driver: C:\Users\Olka\AppData\Local\Temp\kwtcapow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 698 fffff800029b808a 6 bytes [00, 00, 00, 00, 00, 00] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 706 fffff800029b8092 4 bytes [00, 00, 00, 00] ---- User code sections - GMER 2.1 ---- .text C:\ProgramData\eSafe\eGdpSvc.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077641465 2 bytes [64, 77] .text C:\ProgramData\eSafe\eGdpSvc.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776414bb 2 bytes [64, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007768f9c0 5 bytes JMP 0000000174156271 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007768fb08 5 bytes JMP 0000000174155cd1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007768fc00 5 bytes JMP 00000001741533c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007768fc30 5 bytes JMP 00000001741515f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007768fc60 5 bytes JMP 0000000174151681 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007768fc90 5 bytes JMP 0000000174155c41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007768fda8 5 bytes JMP 0000000174156661 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007768fdf4 5 bytes JMP 00000001741532a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007768fe24 5 bytes JMP 00000001741534e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007768ff04 5 bytes JMP 0000000174153451 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007768ff84 5 bytes JMP 00000001741566f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007768ffcc 5 bytes JMP 00000001741530f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007768ffe4 5 bytes JMP 0000000174152fd1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077690094 5 bytes JMP 00000001741521c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000776901a4 5 bytes JMP 00000001741525b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007769077c 5 bytes JMP 00000001741564b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000776907f4 5 bytes JMP 0000000174153061 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077690884 5 bytes JMP 0000000174152f41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077690dd4 5 bytes JMP 0000000174156541 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000776915e4 5 bytes JMP 00000001741549b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077691900 5 bytes JMP 0000000174153331 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077691bc4 5 bytes JMP 00000001741565d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077691d6c 5 bytes JMP 0000000174156781 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077691ec8 5 bytes JMP 0000000174156301 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000776a88a4 5 bytes JMP 0000000174151dd1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000776d0cfb 5 bytes JMP 00000001741522e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007771857f 5 bytes JMP 0000000174154a41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007771e81b 5 bytes JMP 0000000174152251 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000751a0e00 5 bytes JMP 00000001741520a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000751a1072 5 bytes JMP 0000000174152c71 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000751a49bf 5 bytes JMP 0000000174152881 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000751b3bdb 5 bytes JMP 0000000174153211 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000751b9ab4 5 bytes JMP 00000001741519e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!CopyFileExW 00000000751c3b7a 5 bytes JMP 00000001741517a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000751c7347 5 bytes JMP 00000001741529a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000751c8954 5 bytes JMP 00000001741561e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075222c91 5 bytes JMP 0000000174152b51 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075246f6b 5 bytes JMP 00000001741545c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075246f8e 5 bytes JMP 00000001741546e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075247339 5 bytes JMP 0000000174154801 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000752473b2 5 bytes JMP 0000000174154921 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076648f7d 5 bytes JMP 0000000174151d41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007664c428 5 bytes JMP 0000000174153b11 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007664ec98 5 bytes JMP 0000000174153601 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007664f1f8 5 bytes JMP 0000000174152641 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007664fa7b 5 bytes JMP 0000000174152131 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007665134a 5 bytes JMP 0000000174153a81 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000076651371 5 bytes JMP 00000001741539f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076651d1b 5 bytes JMP 0000000174151cb1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076651e07 5 bytes JMP 0000000174152761 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076652aa4 5 bytes JMP 0000000174155df1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076652ccc 5 bytes JMP 0000000174155d61 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076652d0a 5 bytes JMP 0000000174155e81 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076652e6d 5 bytes JMP 0000000174151c21 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076653b63 5 bytes JMP 0000000174152521 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000076654489 5 bytes JMP 00000001741526d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000766545fb 5 bytes JMP 0000000174153571 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076654624 5 bytes JMP 0000000174152eb1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007665c72c 5 bytes JMP 0000000174152a31 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000074dc78e2 5 bytes JMP 0000000174154381 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000074dc7bd3 5 bytes JMP 00000001741542f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074dc8a29 5 bytes JMP 0000000174155611 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000074dc98fd 5 bytes JMP 0000000174156031 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000074dcb6ed 5 bytes JMP 0000000174156811 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000074dcd22e 5 bytes JMP 00000001741556a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000074dcffe6 5 bytes JMP 0000000174155f11 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000074dd00d9 5 bytes JMP 0000000174155fa1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000074dd05ba 5 bytes JMP 00000001741544a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000074dd0dfb 5 bytes JMP 0000000174155731 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074dd12a5 5 bytes JMP 0000000174156421 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000074dd20ec 5 bytes JMP 0000000174155a91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074dd3baa 5 bytes JMP 0000000174156391 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000074dd5f74 5 bytes JMP 0000000174154411 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000074dd6285 5 bytes JMP 0000000174154ad1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074dd7603 5 bytes JMP 0000000174152e21 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000074dd7aee 5 bytes JMP 0000000174155a01 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074dd835c 5 bytes JMP 0000000174152d91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000074dece54 5 bytes JMP 0000000174155851 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074def52b 5 bytes JMP 0000000174154b61 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000074def588 5 bytes JMP 00000001741560c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000074df10a0 5 bytes JMP 00000001741557c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000074e1fcd6 5 bytes JMP 00000001741558e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000074e1fcfa 5 bytes JMP 0000000174155971 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007508a472 5 bytes JMP 00000001741568a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750927ce 5 bytes JMP 0000000174151ef1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007509e6cf 5 bytes JMP 0000000174151e61 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075f8ca4c 5 bytes JMP 0000000174153c31 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075f92bf0 5 bytes JMP 0000000174153ba1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075f9369c 5 bytes JMP 0000000174154021 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075f949e5 5 bytes JMP 0000000174156931 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075fa712c 5 bytes JMP 0000000174154261 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000075fa7144 5 bytes JMP 0000000174153de1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075fa715c 5 bytes JMP 0000000174153e71 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075fc30e8 5 bytes JMP 0000000174153f01 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075fc30f8 5 bytes JMP 0000000174153f91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075fc3108 5 bytes JMP 0000000174153cc1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075fc3118 5 bytes JMP 0000000174153d51 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075fc3158 5 bytes JMP 00000001741541d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1200] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075350171 5 bytes JMP 0000000174154bf1 .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000774c92a1 5 bytes [B8, 79, 6E, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000774c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000774e1400 6 bytes [48, B8, F9, DA, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000774e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000774e14d0 6 bytes [48, B8, B9, C7, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000774e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774e1570 6 bytes [48, B8, 79, 3D, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000774e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774e1590 6 bytes [48, B8, 39, 1C, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000774e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000774e15b0 6 bytes [48, B8, F9, 1D, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000774e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774e15d0 6 bytes [48, B8, F9, C5, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000774e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774e1680 6 bytes [48, B8, B9, EA, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000774e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774e16b0 6 bytes [48, B8, F9, 39, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000774e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774e16d0 6 bytes [48, B8, F9, 40, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000774e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774e1760 6 bytes [48, B8, 39, 3F, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000774e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774e17b0 6 bytes [48, B8, 79, EC, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000774e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000774e17e0 6 bytes [48, B8, B9, 34, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000774e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774e17f0 6 bytes [48, B8, 39, 31, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000774e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000774e1910 6 bytes [48, B8, F9, EF, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000774e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774e1ce0 6 bytes [48, B8, 79, E5, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000774e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000774e1d30 6 bytes [48, B8, F9, 32, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000774e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774e1d90 6 bytes [48, B8, 79, 2F, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000774e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774e2100 6 bytes [48, B8, 39, E7, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000774e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000774e2640 6 bytes [48, B8, B9, 88, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000774e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774e2840 6 bytes [48, B8, B9, 3B, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000774e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774e2a00 6 bytes [48, B8, F9, E8, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000774e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774e2b00 6 bytes [48, B8, 39, EE, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000774e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774e2be0 6 bytes [48, B8, 39, E0, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000774e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000775531f1 11 bytes [B8, 79, 8A, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076fc20f1 11 bytes [B8, 39, D9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076fc21e0 12 bytes [48, B8, 79, 44, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 0000000076fd23d1 11 bytes [B8, 79, 21, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fde750 12 bytes [48, B8, 39, 38, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076fe1e31 11 bytes [B8, 79, DE, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077015011 11 bytes [B8, F9, 7F, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077015031 11 bytes [B8, 79, 7C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007702a560 12 bytes [48, B8, F9, 86, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007702a670 12 bytes [48, B8, 79, 83, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007704f6c1 11 bytes [B8, 79, 28, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdbb1861 11 bytes [B8, B9, 57, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdbb30f1 11 bytes [B8, B9, CE, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdbb8b80 12 bytes [48, B8, F9, 55, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbb9940 12 bytes [48, B8, 39, CB, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdbb9fb1 11 bytes [B8, F9, CC, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdbbbbb1 11 bytes [B8, 79, C9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdbc29c1 11 bytes [B8, 39, 54, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdbe4320 12 bytes [48, B8, F9, 47, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdbf2841 8 bytes [B8, B9, 2D, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdbf284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdbf2881 11 bytes [B8, 39, 46, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdf3642d 11 bytes [B8, 79, 60, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdf36484 12 bytes [48, B8, 39, 5B, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdf36519 11 bytes [B8, 79, 67, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdf36c34 12 bytes [48, B8, 79, 59, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdf37ab5 11 bytes [B8, 39, 62, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdf38b01 11 bytes [B8, F9, 5C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdf38c39 11 bytes [B8, B9, 5E, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007739a2e0 12 bytes [48, B8, F9, B0, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!PostMessageA + 1 000000007739a405 11 bytes [B8, F9, E1, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007739bae1 11 bytes [B8, 39, 8C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!FindWindowW + 1 000000007739d265 7 bytes [B8, F9, D3, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!FindWindowW + 9 000000007739d26d 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007739d440 6 bytes [48, B8, F9, 8D, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000000007739d448 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 000000007739f875 7 bytes [B8, F9, 2B, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 000000007739f87d 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000773a0810 12 bytes [48, B8, 39, AF, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!ShowWindow 00000000773a1930 6 bytes [48, B8, B9, B2, 1D, 74] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!ShowWindow + 8 00000000773a1938 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00000000773a3a19 11 bytes [B8, 39, 77, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!GetMessageA + 1 00000000773a6111 11 bytes [B8, B9, 73, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00000000773a7055 11 bytes [B8, 39, BD, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!PostMessageW + 1 00000000773a76e5 11 bytes [B8, B9, E3, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00000000773a8fd1 11 bytes [B8, F9, 78, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!GetMessageW 00000000773a9e74 12 bytes [48, B8, 79, 75, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00000000773aa2c9 11 bytes [B8, B9, F1, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00000000773b4efd 11 bytes [B8, 39, B6, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00000000773b7469 11 bytes [B8, 79, B4, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!FindWindowA + 1 00000000773b8271 7 bytes [B8, 79, D0, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!FindWindowA + 9 00000000773b8279 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00000000773b8c21 8 bytes [B8, 39, 2A, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00000000773b8c2a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00000000773b8d21 7 bytes [B8, B9, D5, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!FindWindowExW + 9 00000000773b8d29 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 0000000077401371 11 bytes [B8, F9, B7, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 0000000077401395 11 bytes [B8, B9, B9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000000007740d379 11 bytes [B8, 79, BB, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000000007740dae1 7 bytes [B8, 39, D2, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\USER32.dll!FindWindowExA + 9 000000007740dae9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 65 000007fefe550761 11 bytes [B8, 79, F3, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe553b44 12 bytes [48, B8, F9, 71, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe56b704 12 bytes [48, B8, 39, 70, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe56b870 12 bytes [48, B8, B9, 65, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe56b8dc 12 bytes [48, B8, F9, 63, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe4d13b1 11 bytes [B8, 39, C4, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe4d18e0 12 bytes [48, B8, 79, C2, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe4d1bd1 11 bytes [B8, B9, C0, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe4d23c0 12 bytes [48, B8, B9, AB, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\WS2_32.dll!connect 000007fefe4d45c0 12 bytes [48, B8, B9, 6C, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe4d8001 11 bytes [B8, F9, BE, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe4d8df0 7 bytes [48, B8, 79, AD, 1D, 74, 00] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe4d8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2100] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fefea2dc51 11 bytes [B8, B9, 8F, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000774c92a1 5 bytes [B8, 79, 6E, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000774c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000774e1400 6 bytes [48, B8, F9, DA, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000774e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000774e14d0 6 bytes [48, B8, B9, C7, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000774e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774e1570 6 bytes [48, B8, 79, 3D, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000774e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774e1590 6 bytes [48, B8, 39, 1C, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000774e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000774e15b0 6 bytes [48, B8, F9, 1D, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000774e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774e15d0 6 bytes [48, B8, F9, C5, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000774e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774e1680 6 bytes [48, B8, B9, EA, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000774e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774e16b0 6 bytes [48, B8, F9, 39, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000774e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774e16d0 6 bytes [48, B8, F9, 40, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000774e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774e1760 6 bytes [48, B8, 39, 3F, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000774e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774e17b0 6 bytes [48, B8, 79, EC, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000774e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000774e17e0 6 bytes [48, B8, B9, 34, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000774e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774e17f0 6 bytes [48, B8, 39, 31, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000774e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000774e1910 6 bytes [48, B8, F9, EF, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000774e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774e1ce0 6 bytes [48, B8, 79, E5, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000774e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000774e1d30 6 bytes [48, B8, F9, 32, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000774e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774e1d90 6 bytes [48, B8, 79, 2F, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000774e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774e2100 6 bytes [48, B8, 39, E7, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000774e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000774e2640 6 bytes [48, B8, B9, 88, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000774e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774e2840 6 bytes [48, B8, B9, 3B, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000774e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774e2a00 6 bytes [48, B8, F9, E8, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000774e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774e2b00 6 bytes [48, B8, 39, EE, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000774e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774e2be0 6 bytes [48, B8, 39, E0, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000774e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000775531f1 11 bytes [B8, 79, 8A, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076fc20f1 11 bytes [B8, 39, D9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076fc21e0 12 bytes [48, B8, 79, 44, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 0000000076fd23d1 11 bytes [B8, 79, 21, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fde750 12 bytes [48, B8, 39, 38, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076fe1e31 11 bytes [B8, 79, DE, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077015011 11 bytes [B8, F9, 7F, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077015031 11 bytes [B8, 79, 7C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007702a560 12 bytes [48, B8, F9, 86, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007702a670 12 bytes [48, B8, 79, 83, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007704f6c1 11 bytes [B8, 79, 28, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdbb1861 11 bytes [B8, B9, 57, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdbb30f1 11 bytes [B8, B9, CE, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdbb8b80 12 bytes [48, B8, F9, 55, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbb9940 12 bytes [48, B8, 39, CB, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdbb9fb1 11 bytes [B8, F9, CC, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdbbbbb1 11 bytes [B8, 79, C9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdbc29c1 11 bytes [B8, 39, 54, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdbe4320 12 bytes [48, B8, F9, 47, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdbf2841 8 bytes [B8, B9, 2D, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdbf284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdbf2881 11 bytes [B8, 39, 46, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdf3642d 11 bytes [B8, 79, 60, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdf36484 12 bytes [48, B8, 39, 5B, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdf36519 11 bytes [B8, 79, 67, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdf36c34 12 bytes [48, B8, 79, 59, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdf37ab5 11 bytes [B8, 39, 62, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdf38b01 11 bytes [B8, F9, 5C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdf38c39 11 bytes [B8, B9, 5E, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 65 000007fefe550761 11 bytes [B8, B9, F1, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe553b44 12 bytes [48, B8, F9, 71, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe56b704 12 bytes [48, B8, 39, 70, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe56b870 12 bytes [48, B8, B9, 65, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe56b8dc 12 bytes [48, B8, F9, 63, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007739a2e0 12 bytes [48, B8, F9, B0, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!PostMessageA + 1 000000007739a405 11 bytes [B8, F9, E1, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007739bae1 11 bytes [B8, 39, 8C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!FindWindowW + 1 000000007739d265 7 bytes [B8, F9, D3, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!FindWindowW + 9 000000007739d26d 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007739d440 6 bytes [48, B8, F9, 8D, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000000007739d448 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 000000007739f875 7 bytes [B8, F9, 2B, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 000000007739f87d 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000773a0810 12 bytes [48, B8, 39, AF, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!ShowWindow 00000000773a1930 6 bytes [48, B8, B9, B2, 1D, 74] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!ShowWindow + 8 00000000773a1938 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00000000773a3a19 11 bytes [B8, 39, 77, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!GetMessageA + 1 00000000773a6111 11 bytes [B8, B9, 73, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00000000773a7055 11 bytes [B8, 39, BD, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!PostMessageW + 1 00000000773a76e5 11 bytes [B8, B9, E3, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00000000773a8fd1 11 bytes [B8, F9, 78, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!GetMessageW 00000000773a9e74 12 bytes [48, B8, 79, 75, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00000000773aa2c9 11 bytes [B8, 79, F3, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00000000773b4efd 11 bytes [B8, 39, B6, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00000000773b7469 11 bytes [B8, 79, B4, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!FindWindowA + 1 00000000773b8271 7 bytes [B8, 79, D0, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!FindWindowA + 9 00000000773b8279 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00000000773b8c21 8 bytes [B8, 39, 2A, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00000000773b8c2a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00000000773b8d21 7 bytes [B8, B9, D5, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!FindWindowExW + 9 00000000773b8d29 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 0000000077401371 11 bytes [B8, F9, B7, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 0000000077401395 11 bytes [B8, B9, B9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000000007740d379 11 bytes [B8, 79, BB, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000000007740dae1 7 bytes [B8, 39, D2, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\USER32.dll!FindWindowExA + 9 000000007740dae9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2176] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fefea2dc51 11 bytes [B8, B9, 8F, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000774c92a1 5 bytes [B8, 79, 6E, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000774c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000774e1400 6 bytes [48, B8, F9, DA, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000774e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000774e14d0 6 bytes [48, B8, B9, C7, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000774e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774e1570 6 bytes [48, B8, 79, 3D, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000774e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774e1590 6 bytes [48, B8, 39, 1C, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000774e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000774e15b0 6 bytes [48, B8, F9, 1D, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000774e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774e15d0 6 bytes [48, B8, F9, C5, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000774e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774e1680 6 bytes [48, B8, B9, EA, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000774e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774e16b0 6 bytes [48, B8, F9, 39, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000774e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774e16d0 6 bytes [48, B8, F9, 40, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000774e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774e1760 6 bytes [48, B8, 39, 3F, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000774e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774e17b0 6 bytes [48, B8, 79, EC, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000774e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000774e17e0 6 bytes [48, B8, B9, 34, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000774e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774e17f0 6 bytes [48, B8, 39, 31, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000774e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000774e1910 6 bytes [48, B8, F9, EF, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000774e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774e1ce0 6 bytes [48, B8, 79, E5, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000774e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000774e1d30 6 bytes [48, B8, F9, 32, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000774e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774e1d90 6 bytes [48, B8, 79, 2F, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000774e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774e2100 6 bytes [48, B8, 39, E7, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000774e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000774e2640 6 bytes [48, B8, B9, 88, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000774e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774e2840 6 bytes [48, B8, B9, 3B, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000774e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774e2a00 6 bytes [48, B8, F9, E8, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000774e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774e2b00 6 bytes [48, B8, 39, EE, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000774e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774e2be0 6 bytes [48, B8, 39, E0, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000774e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000775531f1 11 bytes [B8, 79, 8A, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076fc20f1 11 bytes [B8, 39, D9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076fc21e0 12 bytes [48, B8, 79, 44, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 0000000076fd23d1 11 bytes [B8, 79, 21, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fde750 12 bytes [48, B8, 39, 38, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076fe1e31 11 bytes [B8, 79, DE, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077015011 11 bytes [B8, F9, 7F, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077015031 11 bytes [B8, 79, 7C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007702a560 12 bytes [48, B8, F9, 86, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007702a670 12 bytes [48, B8, 79, 83, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007704f6c1 11 bytes [B8, 79, 28, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdbb1861 11 bytes [B8, B9, 57, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdbb30f1 11 bytes [B8, B9, CE, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdbb8b80 12 bytes [48, B8, F9, 55, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbb9940 12 bytes [48, B8, 39, CB, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdbb9fb1 11 bytes [B8, F9, CC, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdbbbbb1 11 bytes [B8, 79, C9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdbc29c1 11 bytes [B8, 39, 54, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdbe4320 12 bytes [48, B8, F9, 47, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdbf2841 8 bytes [B8, B9, 2D, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdbf284a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdbf2881 11 bytes [B8, 39, 46, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 65 000007fefe550761 11 bytes [B8, B9, F1, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe553b44 12 bytes [48, B8, F9, 71, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe56b704 12 bytes [48, B8, 39, 70, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe56b870 12 bytes [48, B8, B9, 65, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe56b8dc 12 bytes [48, B8, F9, 63, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdf3642d 11 bytes [B8, 79, 60, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdf36484 12 bytes [48, B8, 39, 5B, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdf36519 11 bytes [B8, 79, 67, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdf36c34 12 bytes [48, B8, 79, 59, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdf37ab5 11 bytes [B8, 39, 62, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdf38b01 11 bytes [B8, F9, 5C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdf38c39 11 bytes [B8, B9, 5E, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007739a2e0 12 bytes [48, B8, F9, B0, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!PostMessageA + 1 000000007739a405 11 bytes [B8, F9, E1, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007739bae1 11 bytes [B8, 39, 8C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!FindWindowW + 1 000000007739d265 7 bytes [B8, F9, D3, 1D, 74, 00, 00] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!FindWindowW + 9 000000007739d26d 3 bytes [00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007739d440 6 bytes [48, B8, F9, 8D, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000000007739d448 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 000000007739f875 7 bytes [B8, F9, 2B, 1D, 74, 00, 00] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 000000007739f87d 3 bytes [00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000773a0810 12 bytes [48, B8, 39, AF, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!ShowWindow 00000000773a1930 6 bytes [48, B8, B9, B2, 1D, 74] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!ShowWindow + 8 00000000773a1938 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00000000773a3a19 11 bytes [B8, 39, 77, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!GetMessageA + 1 00000000773a6111 11 bytes [B8, B9, 73, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00000000773a7055 11 bytes [B8, 39, BD, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!PostMessageW + 1 00000000773a76e5 11 bytes [B8, B9, E3, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00000000773a8fd1 11 bytes [B8, F9, 78, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!GetMessageW 00000000773a9e74 12 bytes [48, B8, 79, 75, 1D, 74, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00000000773aa2c9 11 bytes [B8, 79, F3, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00000000773b4efd 11 bytes [B8, 39, B6, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00000000773b7469 11 bytes [B8, 79, B4, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!FindWindowA + 1 00000000773b8271 7 bytes [B8, 79, D0, 1D, 74, 00, 00] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!FindWindowA + 9 00000000773b8279 3 bytes [00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00000000773b8c21 8 bytes [B8, 39, 2A, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00000000773b8c2a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00000000773b8d21 7 bytes [B8, B9, D5, 1D, 74, 00, 00] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!FindWindowExW + 9 00000000773b8d29 3 bytes [00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 0000000077401371 11 bytes [B8, F9, B7, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 0000000077401395 11 bytes [B8, B9, B9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000000007740d379 11 bytes [B8, 79, BB, 1D, 74, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000000007740dae1 7 bytes [B8, 39, D2, 1D, 74, 00, 00] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\USER32.dll!FindWindowExA + 9 000000007740dae9 3 bytes [00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fefea2dc51 11 bytes [B8, B9, 8F, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000774c92a1 5 bytes [B8, 79, 6E, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000774c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000774e1400 6 bytes [48, B8, F9, DA, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000774e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000774e14d0 6 bytes [48, B8, B9, C7, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000774e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774e1570 6 bytes [48, B8, 79, 3D, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000774e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774e1590 6 bytes [48, B8, 39, 1C, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000774e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000774e15b0 6 bytes [48, B8, F9, 1D, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000774e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774e15d0 6 bytes [48, B8, F9, C5, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000774e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774e1680 6 bytes [48, B8, B9, EA, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000774e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774e16b0 6 bytes [48, B8, F9, 39, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000774e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774e16d0 6 bytes [48, B8, F9, 40, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000774e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774e1760 6 bytes [48, B8, 39, 3F, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000774e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774e17b0 6 bytes [48, B8, 79, EC, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000774e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000774e17e0 6 bytes [48, B8, B9, 34, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000774e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774e17f0 6 bytes [48, B8, 39, 31, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000774e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000774e1910 6 bytes [48, B8, F9, EF, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000774e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774e1ce0 6 bytes [48, B8, 79, E5, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000774e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000774e1d30 6 bytes [48, B8, F9, 32, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000774e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774e1d90 6 bytes [48, B8, 79, 2F, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000774e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774e2100 6 bytes [48, B8, 39, E7, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000774e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000774e2640 6 bytes [48, B8, B9, 88, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000774e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774e2840 6 bytes [48, B8, B9, 3B, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000774e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774e2a00 6 bytes [48, B8, F9, E8, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000774e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774e2b00 6 bytes [48, B8, 39, EE, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000774e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774e2be0 6 bytes [48, B8, 39, E0, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000774e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000775531f1 11 bytes [B8, 79, 8A, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076fc20f1 11 bytes [B8, 39, D9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076fc21e0 12 bytes [48, B8, 79, 44, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 0000000076fd23d1 11 bytes [B8, 79, 21, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fde750 12 bytes [48, B8, 39, 38, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076fe1e31 11 bytes [B8, 79, DE, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077015011 11 bytes [B8, F9, 7F, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077015031 11 bytes [B8, 79, 7C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007702a560 12 bytes [48, B8, F9, 86, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007702a670 12 bytes [48, B8, 79, 83, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007704f6c1 11 bytes [B8, 79, 28, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdbb1861 11 bytes [B8, B9, 57, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdbb30f1 11 bytes [B8, B9, CE, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdbb8b80 12 bytes [48, B8, F9, 55, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbb9940 12 bytes [48, B8, 39, CB, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdbb9fb1 11 bytes [B8, F9, CC, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdbbbbb1 11 bytes [B8, 79, C9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdbc29c1 11 bytes [B8, 39, 54, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdbe4320 12 bytes [48, B8, F9, 47, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdbf2841 8 bytes [B8, B9, 2D, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdbf284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdbf2881 11 bytes [B8, 39, 46, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdf3642d 11 bytes [B8, 79, 60, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdf36484 12 bytes [48, B8, 39, 5B, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdf36519 11 bytes [B8, 79, 67, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdf36c34 12 bytes [48, B8, 79, 59, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdf37ab5 11 bytes [B8, 39, 62, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdf38b01 11 bytes [B8, F9, 5C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdf38c39 11 bytes [B8, B9, 5E, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 65 000007fefe550761 11 bytes [B8, B9, F1, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe553b44 12 bytes [48, B8, F9, 71, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe56b704 12 bytes [48, B8, 39, 70, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe56b870 12 bytes [48, B8, B9, 65, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe56b8dc 12 bytes [48, B8, F9, 63, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007739a2e0 12 bytes [48, B8, F9, B0, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!PostMessageA + 1 000000007739a405 11 bytes [B8, F9, E1, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007739bae1 11 bytes [B8, 39, 8C, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!FindWindowW + 1 000000007739d265 7 bytes [B8, F9, D3, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!FindWindowW + 9 000000007739d26d 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007739d440 6 bytes [48, B8, F9, 8D, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000000007739d448 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 000000007739f875 7 bytes [B8, F9, 2B, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 000000007739f87d 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000773a0810 12 bytes [48, B8, 39, AF, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!ShowWindow 00000000773a1930 6 bytes [48, B8, B9, B2, 1D, 74] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!ShowWindow + 8 00000000773a1938 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00000000773a3a19 11 bytes [B8, 39, 77, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!GetMessageA + 1 00000000773a6111 11 bytes [B8, B9, 73, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00000000773a7055 11 bytes [B8, 39, BD, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!PostMessageW + 1 00000000773a76e5 11 bytes [B8, B9, E3, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00000000773a8fd1 11 bytes [B8, F9, 78, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!GetMessageW 00000000773a9e74 12 bytes [48, B8, 79, 75, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00000000773aa2c9 11 bytes [B8, 79, F3, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00000000773b4efd 11 bytes [B8, 39, B6, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00000000773b7469 11 bytes [B8, 79, B4, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!FindWindowA + 1 00000000773b8271 7 bytes [B8, 79, D0, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!FindWindowA + 9 00000000773b8279 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00000000773b8c21 8 bytes [B8, 39, 2A, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00000000773b8c2a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00000000773b8d21 7 bytes [B8, B9, D5, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!FindWindowExW + 9 00000000773b8d29 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 0000000077401371 11 bytes [B8, F9, B7, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 0000000077401395 11 bytes [B8, B9, B9, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000000007740d379 11 bytes [B8, 79, BB, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000000007740dae1 7 bytes [B8, 39, D2, 1D, 74, 00, 00] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\USER32.dll!FindWindowExA + 9 000000007740dae9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe4d13b1 11 bytes [B8, 39, C4, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe4d18e0 12 bytes [48, B8, 79, C2, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe4d1bd1 11 bytes [B8, B9, C0, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe4d23c0 12 bytes [48, B8, B9, AB, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\WS2_32.dll!connect 000007fefe4d45c0 12 bytes [48, B8, B9, 6C, 1D, 74, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe4d8001 11 bytes [B8, F9, BE, 1D, 74, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe4d8df0 7 bytes [48, B8, 79, AD, 1D, 74, 00] .text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe4d8df9 3 bytes [00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000774c92a1 5 bytes [B8, 79, 6E, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000774c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000774e1400 6 bytes [48, B8, F9, DA, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000774e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000774e14d0 6 bytes [48, B8, B9, C7, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000774e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774e1570 6 bytes [48, B8, 79, 3D, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000774e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774e1590 6 bytes [48, B8, 39, 1C, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000774e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000774e15b0 6 bytes [48, B8, F9, 1D, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000774e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774e15d0 6 bytes [48, B8, F9, C5, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000774e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774e1680 6 bytes [48, B8, B9, EA, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000774e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774e16b0 6 bytes [48, B8, F9, 39, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000774e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774e16d0 6 bytes [48, B8, F9, 40, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000774e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774e1760 6 bytes [48, B8, 39, 3F, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000774e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774e17b0 6 bytes [48, B8, 79, EC, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000774e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000774e17e0 6 bytes [48, B8, B9, 34, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000774e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774e17f0 6 bytes [48, B8, 39, 31, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000774e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000774e1910 6 bytes [48, B8, F9, EF, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000774e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774e1ce0 6 bytes [48, B8, 79, E5, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000774e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000774e1d30 6 bytes [48, B8, F9, 32, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000774e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774e1d90 6 bytes [48, B8, 79, 2F, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000774e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774e2100 6 bytes [48, B8, 39, E7, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000774e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000774e2640 6 bytes [48, B8, B9, 88, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000774e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774e2840 6 bytes [48, B8, B9, 3B, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000774e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774e2a00 6 bytes [48, B8, F9, E8, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000774e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774e2b00 6 bytes [48, B8, 39, EE, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000774e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774e2be0 6 bytes [48, B8, 39, E0, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000774e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000775531f1 11 bytes [B8, 79, 8A, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076fc20f1 11 bytes [B8, 39, D9, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076fc21e0 12 bytes [48, B8, 79, 44, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 0000000076fd23d1 11 bytes [B8, 79, 21, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fde750 12 bytes [48, B8, 39, 38, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076fe1e31 11 bytes [B8, 79, DE, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077015011 11 bytes [B8, F9, 7F, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077015031 11 bytes [B8, 79, 7C, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007702a560 12 bytes [48, B8, F9, 86, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007702a670 12 bytes [48, B8, 79, 83, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007704f6c1 11 bytes [B8, 79, 28, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdbb1861 11 bytes [B8, B9, 57, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdbb30f1 11 bytes [B8, B9, CE, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdbb8b80 12 bytes [48, B8, F9, 55, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbb9940 12 bytes [48, B8, 39, CB, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdbb9fb1 11 bytes [B8, F9, CC, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdbbbbb1 11 bytes [B8, 79, C9, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdbc29c1 11 bytes [B8, 39, 54, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdbe4320 12 bytes [48, B8, F9, 47, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdbf2841 8 bytes [B8, B9, 2D, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdbf284a 2 bytes [50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdbf2881 11 bytes [B8, 39, 46, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 65 000007fefe550761 11 bytes [B8, B9, F1, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe553b44 12 bytes [48, B8, F9, 71, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe56b704 12 bytes [48, B8, 39, 70, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe56b870 12 bytes [48, B8, B9, 65, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe56b8dc 12 bytes [48, B8, F9, 63, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdf3642d 11 bytes [B8, 79, 60, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdf36484 12 bytes [48, B8, 39, 5B, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdf36519 11 bytes [B8, 79, 67, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdf36c34 12 bytes [48, B8, 79, 59, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdf37ab5 11 bytes [B8, 39, 62, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdf38b01 11 bytes [B8, F9, 5C, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdf38c39 11 bytes [B8, B9, 5E, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007739a2e0 12 bytes [48, B8, F9, B0, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!PostMessageA + 1 000000007739a405 11 bytes [B8, F9, E1, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007739bae1 11 bytes [B8, 39, 8C, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!FindWindowW + 1 000000007739d265 7 bytes [B8, F9, D3, 1D, 74, 00, 00] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!FindWindowW + 9 000000007739d26d 3 bytes [00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007739d440 6 bytes [48, B8, F9, 8D, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000000007739d448 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 000000007739f875 7 bytes [B8, F9, 2B, 1D, 74, 00, 00] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 000000007739f87d 3 bytes [00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000773a0810 12 bytes [48, B8, 39, AF, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!ShowWindow 00000000773a1930 6 bytes [48, B8, B9, B2, 1D, 74] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!ShowWindow + 8 00000000773a1938 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00000000773a3a19 11 bytes [B8, 39, 77, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!GetMessageA + 1 00000000773a6111 11 bytes [B8, B9, 73, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00000000773a7055 11 bytes [B8, 39, BD, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!PostMessageW + 1 00000000773a76e5 11 bytes [B8, B9, E3, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00000000773a8fd1 11 bytes [B8, F9, 78, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!GetMessageW 00000000773a9e74 12 bytes [48, B8, 79, 75, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00000000773aa2c9 11 bytes [B8, 79, F3, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00000000773b4efd 11 bytes [B8, 39, B6, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00000000773b7469 11 bytes [B8, 79, B4, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!FindWindowA + 1 00000000773b8271 7 bytes [B8, 79, D0, 1D, 74, 00, 00] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!FindWindowA + 9 00000000773b8279 3 bytes [00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00000000773b8c21 8 bytes [B8, 39, 2A, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00000000773b8c2a 2 bytes [50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00000000773b8d21 7 bytes [B8, B9, D5, 1D, 74, 00, 00] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!FindWindowExW + 9 00000000773b8d29 3 bytes [00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 0000000077401371 11 bytes [B8, F9, B7, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 0000000077401395 11 bytes [B8, B9, B9, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000000007740d379 11 bytes [B8, 79, BB, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000000007740dae1 7 bytes [B8, 39, D2, 1D, 74, 00, 00] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\USER32.dll!FindWindowExA + 9 000000007740dae9 3 bytes [00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fefea2dc51 11 bytes [B8, B9, 8F, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 0000000077272e40 12 bytes [48, B8, F9, 6A, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 0000000077276001 11 bytes [B8, 39, 69, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe4d13b1 11 bytes [B8, 39, C4, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe4d18e0 12 bytes [48, B8, 79, C2, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe4d1bd1 11 bytes [B8, B9, C0, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe4d23c0 12 bytes [48, B8, B9, AB, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\WS2_32.dll!connect 000007fefe4d45c0 12 bytes [48, B8, B9, 6C, 1D, 74, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe4d8001 11 bytes [B8, F9, BE, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe4d8df0 7 bytes [48, B8, 79, AD, 1D, 74, 00] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe4d8df9 3 bytes [00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[3048] C:\Windows\system32\d3d10.dll!D3D10CreateDeviceAndSwapChain 000007fef02db448 12 bytes [48, B8, F9, 94, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000774c92a1 5 bytes [B8, 79, 6E, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000774c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000774e1400 6 bytes [48, B8, F9, DA, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000774e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000774e14d0 6 bytes [48, B8, B9, C7, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000774e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774e1570 6 bytes [48, B8, 79, 3D, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000774e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774e1590 6 bytes [48, B8, 39, 1C, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000774e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000774e15b0 6 bytes [48, B8, F9, 1D, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000774e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774e15d0 6 bytes [48, B8, F9, C5, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000774e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774e1680 6 bytes [48, B8, B9, EA, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000774e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774e16b0 6 bytes [48, B8, F9, 39, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000774e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774e16d0 6 bytes [48, B8, F9, 40, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000774e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774e1760 6 bytes [48, B8, 39, 3F, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000774e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774e17b0 6 bytes [48, B8, 79, EC, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000774e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000774e17e0 6 bytes [48, B8, B9, 34, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000774e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774e17f0 6 bytes [48, B8, 39, 31, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000774e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000774e1910 6 bytes [48, B8, F9, EF, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000774e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774e1ce0 6 bytes [48, B8, 79, E5, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000774e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000774e1d30 6 bytes [48, B8, F9, 32, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000774e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774e1d90 6 bytes [48, B8, 79, 2F, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000774e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774e2100 6 bytes [48, B8, 39, E7, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000774e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000774e2640 6 bytes [48, B8, B9, 88, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000774e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774e2840 6 bytes [48, B8, B9, 3B, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000774e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774e2a00 6 bytes [48, B8, F9, E8, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000774e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774e2b00 6 bytes [48, B8, 39, EE, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000774e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774e2be0 6 bytes [48, B8, 39, E0, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000774e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000775531f1 11 bytes [B8, 79, 8A, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076fc20f1 11 bytes [B8, 39, D9, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076fc21e0 12 bytes [48, B8, 79, 44, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 0000000076fd23d1 11 bytes [B8, 79, 21, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fde750 12 bytes [48, B8, 39, 38, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076fe1e31 11 bytes [B8, 79, DE, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077015011 11 bytes [B8, F9, 7F, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077015031 11 bytes [B8, 79, 7C, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007702a560 12 bytes [48, B8, F9, 86, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007702a670 12 bytes [48, B8, 79, 83, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007704f6c1 11 bytes [B8, 79, 28, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdbb1861 11 bytes [B8, B9, 57, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdbb30f1 11 bytes [B8, B9, CE, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdbb8b80 12 bytes [48, B8, F9, 55, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbb9940 12 bytes [48, B8, 39, CB, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdbb9fb1 11 bytes [B8, F9, CC, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdbbbbb1 11 bytes [B8, 79, C9, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdbc29c1 11 bytes [B8, 39, 54, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdbe4320 12 bytes [48, B8, F9, 47, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdbf2841 8 bytes [B8, B9, 2D, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdbf284a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdbf2881 11 bytes [B8, 39, 46, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 65 000007fefe550761 11 bytes [B8, B9, F1, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe553b44 12 bytes [48, B8, F9, 71, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe56b704 12 bytes [48, B8, 39, 70, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe56b870 12 bytes [48, B8, B9, 65, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe56b8dc 12 bytes [48, B8, F9, 63, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdf3642d 11 bytes [B8, 79, 60, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdf36484 12 bytes [48, B8, 39, 5B, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdf36519 11 bytes [B8, 79, 67, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdf36c34 12 bytes [48, B8, 79, 59, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdf37ab5 11 bytes [B8, 39, 62, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdf38b01 11 bytes [B8, F9, 5C, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdf38c39 11 bytes [B8, B9, 5E, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007739a2e0 12 bytes [48, B8, F9, B0, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!PostMessageA + 1 000000007739a405 11 bytes [B8, F9, E1, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007739bae1 11 bytes [B8, 39, 8C, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!FindWindowW + 1 000000007739d265 7 bytes [B8, F9, D3, 1D, 74, 00, 00] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!FindWindowW + 9 000000007739d26d 3 bytes [00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007739d440 6 bytes [48, B8, F9, 8D, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000000007739d448 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 000000007739f875 7 bytes [B8, F9, 2B, 1D, 74, 00, 00] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 000000007739f87d 3 bytes [00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000773a0810 12 bytes [48, B8, 39, AF, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!ShowWindow 00000000773a1930 6 bytes [48, B8, B9, B2, 1D, 74] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!ShowWindow + 8 00000000773a1938 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00000000773a3a19 11 bytes [B8, 39, 77, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!GetMessageA + 1 00000000773a6111 11 bytes [B8, B9, 73, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00000000773a7055 11 bytes [B8, 39, BD, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!PostMessageW + 1 00000000773a76e5 11 bytes [B8, B9, E3, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00000000773a8fd1 11 bytes [B8, F9, 78, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!GetMessageW 00000000773a9e74 12 bytes [48, B8, 79, 75, 1D, 74, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00000000773aa2c9 11 bytes [B8, 79, F3, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00000000773b4efd 11 bytes [B8, 39, B6, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00000000773b7469 11 bytes [B8, 79, B4, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!FindWindowA + 1 00000000773b8271 7 bytes [B8, 79, D0, 1D, 74, 00, 00] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!FindWindowA + 9 00000000773b8279 3 bytes [00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00000000773b8c21 8 bytes [B8, 39, 2A, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00000000773b8c2a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00000000773b8d21 7 bytes [B8, B9, D5, 1D, 74, 00, 00] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!FindWindowExW + 9 00000000773b8d29 3 bytes [00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 0000000077401371 11 bytes [B8, F9, B7, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 0000000077401395 11 bytes [B8, B9, B9, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000000007740d379 11 bytes [B8, 79, BB, 1D, 74, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000000007740dae1 7 bytes [B8, 39, D2, 1D, 74, 00, 00] .text C:\Windows\System32\WUDFHost.exe[2532] C:\Windows\system32\USER32.dll!FindWindowExA + 9 000000007740dae9 3 bytes [00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076fc20f1 11 bytes [B8, 39, D9, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076fc21e0 12 bytes [48, B8, 79, 44, 1D, 74, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 0000000076fd23d1 11 bytes [B8, 79, 21, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fde750 12 bytes [48, B8, 39, 38, 1D, 74, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076fe1e31 11 bytes [B8, 79, DE, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077015011 11 bytes [B8, F9, 7F, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077015031 11 bytes [B8, 79, 7C, 1D, 74, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007702a560 12 bytes [48, B8, F9, 86, 1D, 74, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007702a670 12 bytes [48, B8, 79, 83, 1D, 74, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3996] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007704f6c1 11 bytes [B8, 79, 28, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000774c92a1 5 bytes [B8, 79, 6E, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000774c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000774e1400 6 bytes [48, B8, F9, DA, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000774e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000774e14d0 6 bytes [48, B8, B9, C7, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000774e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774e1570 6 bytes [48, B8, 79, 3D, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000774e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774e1590 6 bytes [48, B8, 39, 1C, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000774e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000774e15b0 6 bytes [48, B8, F9, 1D, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000774e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774e15d0 6 bytes [48, B8, F9, C5, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000774e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774e1680 6 bytes [48, B8, B9, EA, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000774e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774e16b0 6 bytes [48, B8, F9, 39, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000774e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774e16d0 6 bytes [48, B8, F9, 40, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000774e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774e1760 6 bytes [48, B8, 39, 3F, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000774e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774e17b0 6 bytes [48, B8, 79, EC, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000774e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000774e17e0 6 bytes [48, B8, B9, 34, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000774e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774e17f0 6 bytes [48, B8, 39, 31, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000774e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000774e1910 6 bytes [48, B8, F9, EF, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000774e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774e1ce0 6 bytes [48, B8, 79, E5, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000774e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000774e1d30 6 bytes [48, B8, F9, 32, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000774e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774e1d90 6 bytes [48, B8, 79, 2F, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000774e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774e2100 6 bytes [48, B8, 39, E7, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000774e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000774e2640 6 bytes [48, B8, B9, 88, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000774e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774e2840 6 bytes [48, B8, B9, 3B, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000774e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774e2a00 6 bytes [48, B8, F9, E8, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000774e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774e2b00 6 bytes [48, B8, 39, EE, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000774e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774e2be0 6 bytes [48, B8, 39, E0, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000774e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000775531f1 11 bytes [B8, 79, 8A, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076fc20f1 11 bytes [B8, 39, D9, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076fc21e0 12 bytes [48, B8, 79, 44, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 0000000076fd23d1 11 bytes [B8, 79, 21, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fde750 12 bytes [48, B8, 39, 38, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076fe1e31 11 bytes [B8, 79, DE, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077015011 11 bytes [B8, F9, 7F, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077015031 11 bytes [B8, 79, 7C, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007702a560 12 bytes [48, B8, F9, 86, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007702a670 12 bytes [48, B8, 79, 83, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007704f6c1 11 bytes [B8, 79, 28, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdbb1861 11 bytes [B8, B9, 57, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdbb30f1 11 bytes [B8, B9, CE, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdbb8b80 12 bytes [48, B8, F9, 55, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbb9940 12 bytes [48, B8, 39, CB, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdbb9fb1 11 bytes [B8, F9, CC, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdbbbbb1 11 bytes [B8, 79, C9, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdbc29c1 11 bytes [B8, 39, 54, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdbe4320 12 bytes [48, B8, F9, 47, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdbf2841 8 bytes [B8, B9, 2D, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdbf284a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdbf2881 11 bytes [B8, 39, 46, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdf3642d 11 bytes [B8, 79, 60, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdf36484 12 bytes [48, B8, 39, 5B, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdf36519 11 bytes [B8, 79, 67, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdf36c34 12 bytes [48, B8, 79, 59, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdf37ab5 11 bytes [B8, 39, 62, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdf38b01 11 bytes [B8, F9, 5C, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdf38c39 11 bytes [B8, B9, 5E, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe4d13b1 11 bytes [B8, 39, C4, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe4d18e0 12 bytes [48, B8, 79, C2, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe4d1bd1 11 bytes [B8, B9, C0, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe4d23c0 12 bytes [48, B8, B9, AB, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\WS2_32.dll!connect 000007fefe4d45c0 12 bytes [48, B8, B9, 6C, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe4d8001 11 bytes [B8, F9, BE, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe4d8df0 7 bytes [48, B8, 79, AD, 1D, 74, 00] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe4d8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!CreateWindowExA 000000007739a2e0 12 bytes [48, B8, F9, B0, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!PostMessageA + 1 000000007739a405 11 bytes [B8, F9, E1, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007739bae1 11 bytes [B8, 39, 8C, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!FindWindowW + 1 000000007739d265 7 bytes [B8, F9, D3, 1D, 74, 00, 00] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!FindWindowW + 9 000000007739d26d 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007739d440 6 bytes [48, B8, F9, 8D, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000000007739d448 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 000000007739f875 7 bytes [B8, F9, 2B, 1D, 74, 00, 00] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 000000007739f87d 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000773a0810 12 bytes [48, B8, 39, AF, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!ShowWindow 00000000773a1930 6 bytes [48, B8, B9, B2, 1D, 74] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!ShowWindow + 8 00000000773a1938 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00000000773a3a19 11 bytes [B8, 39, 77, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!GetMessageA + 1 00000000773a6111 11 bytes [B8, B9, 73, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00000000773a7055 11 bytes [B8, 39, BD, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!PostMessageW + 1 00000000773a76e5 11 bytes [B8, B9, E3, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00000000773a8fd1 11 bytes [B8, F9, 78, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!GetMessageW 00000000773a9e74 12 bytes [48, B8, 79, 75, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00000000773aa2c9 11 bytes [B8, 79, F3, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00000000773b4efd 11 bytes [B8, 39, B6, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00000000773b7469 11 bytes [B8, 79, B4, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!FindWindowA + 1 00000000773b8271 7 bytes [B8, 79, D0, 1D, 74, 00, 00] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!FindWindowA + 9 00000000773b8279 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00000000773b8c21 8 bytes [B8, 39, 2A, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00000000773b8c2a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00000000773b8d21 7 bytes [B8, B9, D5, 1D, 74, 00, 00] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!FindWindowExW + 9 00000000773b8d29 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 0000000077401371 11 bytes [B8, F9, B7, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 0000000077401395 11 bytes [B8, B9, B9, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000000007740d379 11 bytes [B8, 79, BB, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000000007740dae1 7 bytes [B8, 39, D2, 1D, 74, 00, 00] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\USER32.dll!FindWindowExA + 9 000000007740dae9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 65 000007fefe550761 11 bytes [B8, 39, F5, 1D, 74, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe553b44 12 bytes [48, B8, F9, 71, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe56b704 12 bytes [48, B8, 39, 70, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe56b870 12 bytes [48, B8, B9, 65, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe56b8dc 12 bytes [48, B8, F9, 63, 1D, 74, 00, ...] .text C:\Windows\System32\svchost.exe[3120] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fefea2dc51 11 bytes [B8, B9, 8F, 1D, 74, 00, 00, ...] .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007768f8d0 5 bytes JMP 00000001748360c1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007768f908 5 bytes JMP 00000001748366f1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007768f9c0 5 bytes JMP 0000000174835f11 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007768fb08 5 bytes JMP 0000000174835971 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007768fc00 5 bytes JMP 0000000174833061 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007768fc30 5 bytes JMP 00000001748315f1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007768fc60 5 bytes JMP 0000000174831681 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007768fc90 5 bytes JMP 00000001748358e1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007768fda8 5 bytes JMP 0000000174836661 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007768fdf4 5 bytes JMP 0000000174832f41 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007768fe24 5 bytes JMP 0000000174833181 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007768ff04 5 bytes JMP 00000001748330f1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007768ff84 5 bytes JMP 0000000174836781 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007768ffcc 5 bytes JMP 0000000174832d91 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007768ffe4 5 bytes JMP 0000000174832c71 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077690094 5 bytes JMP 0000000174831e61 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000776901a4 5 bytes JMP 0000000174832251 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007769077c 5 bytes JMP 00000001748365d1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000776907f4 5 bytes JMP 0000000174832d01 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077690884 5 bytes JMP 0000000174832be1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077690dd4 5 bytes JMP 0000000174835fa1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000776915e4 5 bytes JMP 0000000174834651 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077691900 5 bytes JMP 0000000174832fd1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077691bc4 5 bytes JMP 0000000174836031 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077691d6c 5 bytes JMP 0000000174836811 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077691ec8 5 bytes JMP 0000000174836421 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000776a88a4 5 bytes JMP 0000000174831a71 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000776d0cfb 5 bytes JMP 0000000174831f81 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007771857f 5 bytes JMP 00000001748346e1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007771e81b 5 bytes JMP 0000000174831ef1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000751a0e00 5 bytes JMP 0000000174831d41 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000751a1072 5 bytes JMP 0000000174832911 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000751a49bf 5 bytes JMP 0000000174832521 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000751b3bdb 5 bytes JMP 0000000174832eb1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000751c7347 5 bytes JMP 0000000174832641 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000751c8954 5 bytes JMP 0000000174835e81 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075222c91 5 bytes JMP 00000001748327f1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075246f6b 5 bytes JMP 0000000174834261 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075246f8e 5 bytes JMP 0000000174834381 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075247339 5 bytes JMP 00000001748344a1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000752473b2 5 bytes JMP 00000001748345c1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076648f7d 5 bytes JMP 00000001748319e1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007664c428 5 bytes JMP 00000001748337b1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007664ec98 5 bytes JMP 00000001748332a1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007664f1f8 5 bytes JMP 00000001748322e1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007664fa7b 5 bytes JMP 0000000174831dd1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007665134a 5 bytes JMP 0000000174833721 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000076651371 5 bytes JMP 0000000174833691 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076651d1b 5 bytes JMP 0000000174831951 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076651e07 5 bytes JMP 0000000174832401 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076652aa4 5 bytes JMP 0000000174835a91 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076652ccc 5 bytes JMP 0000000174835a01 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076652d0a 5 bytes JMP 0000000174835b21 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076652e6d 5 bytes JMP 00000001748318c1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076653b63 5 bytes JMP 00000001748321c1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000076654489 5 bytes JMP 0000000174832371 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000766545fb 5 bytes JMP 0000000174833211 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076654624 5 bytes JMP 0000000174832b51 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007665c72c 5 bytes JMP 00000001748326d1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!GetMessageW 0000000074dc78e2 5 bytes JMP 0000000174834021 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!GetMessageA 0000000074dc7bd3 5 bytes JMP 0000000174833f91 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000074dc8a29 5 bytes JMP 00000001748352b1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!FindWindowW 0000000074dc98fd 5 bytes JMP 0000000174835cd1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!UserClientDllInitialize 0000000074dcb6ed 5 bytes JMP 00000001748368a1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!CreateWindowExA 0000000074dcd22e 5 bytes JMP 0000000174835341 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!FindWindowA 0000000074dcffe6 5 bytes JMP 0000000174835bb1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!FindWindowExA 0000000074dd00d9 5 bytes JMP 0000000174835c41 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!PeekMessageW 0000000074dd05ba 5 bytes JMP 0000000174834141 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!ShowWindow 0000000074dd0dfb 5 bytes JMP 00000001748353d1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!PostMessageW 0000000074dd12a5 5 bytes JMP 0000000174836541 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!SetWindowTextW 0000000074dd20ec 5 bytes JMP 0000000174835731 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!PostMessageA 0000000074dd3baa 5 bytes JMP 00000001748364b1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!PeekMessageA 0000000074dd5f74 5 bytes JMP 00000001748340b1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!CallNextHookEx 0000000074dd6285 5 bytes JMP 0000000174834771 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 0000000074dd7603 5 bytes JMP 0000000174832ac1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!SetWindowTextA 0000000074dd7aee 5 bytes JMP 00000001748356a1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 0000000074dd835c 5 bytes JMP 0000000174832a31 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!DialogBoxIndirectParamAorW 0000000074dece54 5 bytes JMP 00000001748354f1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!UnhookWindowsHookEx 0000000074def52b 5 bytes JMP 0000000174834801 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!FindWindowExW 0000000074def588 5 bytes JMP 0000000174835d61 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!CreateDialogIndirectParamAorW 0000000074df10a0 5 bytes JMP 0000000174835461 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!MessageBoxExA 0000000074e1fcd6 5 bytes JMP 0000000174835581 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\user32.DLL!MessageBoxExW 0000000074e1fcfa 5 bytes JMP 0000000174835611 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007508a472 5 bytes JMP 0000000174836931 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750927ce 5 bytes JMP 0000000174831b91 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007509e6cf 5 bytes JMP 0000000174831b01 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075f8ca4c 5 bytes JMP 00000001748338d1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075f92bf0 5 bytes JMP 0000000174833841 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075f9369c 5 bytes JMP 0000000174833cc1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075f949e5 5 bytes JMP 00000001748369c1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075fa712c 5 bytes JMP 0000000174833f01 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000075fa7144 5 bytes JMP 0000000174833a81 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075fa715c 5 bytes JMP 0000000174833b11 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075fc30e8 5 bytes JMP 0000000174833ba1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075fc30f8 5 bytes JMP 0000000174833c31 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075fc3108 5 bytes JMP 0000000174833961 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075fc3118 5 bytes JMP 00000001748339f1 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075fc3158 5 bytes JMP 0000000174833e71 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000075350171 5 bytes JMP 0000000174834891 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000077641465 2 bytes [64, 77] .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000776414bb 2 bytes [64, 77] .text ... * 2 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\mscoree.dll!_CorExeMain 0000000073044ddb 5 bytes JMP 0000000074831711 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToFileW 0000000076cd1274 5 bytes JMP 0000000174832131 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToCacheFileW 0000000076cd9e3b 5 bytes JMP 0000000174833d51 .text C:\Users\Olka\Desktop\Nowy folder\OTL.exe[552] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToFileA 0000000076d20cb4 5 bytes JMP 00000001748329a1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007768f8d0 5 bytes JMP 00000001748360c1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007768f908 5 bytes JMP 00000001748366f1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007768f9c0 5 bytes JMP 0000000174835f11 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007768fb08 5 bytes JMP 0000000174835971 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007768fc00 5 bytes JMP 0000000174833061 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007768fc30 5 bytes JMP 00000001748315f1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007768fc60 5 bytes JMP 0000000174831681 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007768fc90 5 bytes JMP 00000001748358e1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007768fda8 5 bytes JMP 0000000174836661 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007768fdf4 5 bytes JMP 0000000174832f41 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007768fe24 5 bytes JMP 0000000174833181 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007768ff04 5 bytes JMP 00000001748330f1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007768ff84 5 bytes JMP 0000000174836781 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007768ffcc 5 bytes JMP 0000000174832d91 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007768ffe4 5 bytes JMP 0000000174832c71 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077690094 5 bytes JMP 0000000174831e61 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000776901a4 5 bytes JMP 0000000174832251 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007769077c 5 bytes JMP 00000001748365d1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000776907f4 5 bytes JMP 0000000174832d01 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077690884 5 bytes JMP 0000000174832be1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077690dd4 5 bytes JMP 0000000174835fa1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000776915e4 5 bytes JMP 0000000174834651 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077691900 5 bytes JMP 0000000174832fd1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077691bc4 5 bytes JMP 0000000174836031 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077691d6c 5 bytes JMP 0000000174836811 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077691ec8 5 bytes JMP 0000000174836421 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000776a88a4 5 bytes JMP 0000000174831a71 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000776d0cfb 5 bytes JMP 0000000174831f81 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007771857f 5 bytes JMP 00000001748346e1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007771e81b 5 bytes JMP 0000000174831ef1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000751a0e00 5 bytes JMP 0000000174831d41 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000751a1072 5 bytes JMP 0000000174832911 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000751a49bf 5 bytes JMP 0000000174832521 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000751b3bdb 5 bytes JMP 0000000174832eb1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000751c7347 5 bytes JMP 0000000174832641 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000751c8954 5 bytes JMP 0000000174835e81 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075222c91 5 bytes JMP 00000001748327f1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075246f6b 5 bytes JMP 0000000174834261 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075246f8e 5 bytes JMP 0000000174834381 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075247339 5 bytes JMP 00000001748344a1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000752473b2 5 bytes JMP 00000001748345c1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076648f7d 5 bytes JMP 00000001748319e1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007664c428 5 bytes JMP 00000001748337b1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007664ec98 5 bytes JMP 00000001748332a1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007664f1f8 5 bytes JMP 00000001748322e1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007664fa7b 5 bytes JMP 0000000174831dd1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007665134a 5 bytes JMP 0000000174833721 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000076651371 5 bytes JMP 0000000174833691 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076651d1b 5 bytes JMP 0000000174831951 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076651e07 5 bytes JMP 0000000174832401 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076652aa4 5 bytes JMP 0000000174835a91 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076652ccc 5 bytes JMP 0000000174835a01 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076652d0a 5 bytes JMP 0000000174835b21 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076652e6d 5 bytes JMP 00000001748318c1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076653b63 5 bytes JMP 00000001748321c1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000076654489 5 bytes JMP 0000000174832371 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000766545fb 5 bytes JMP 0000000174833211 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076654624 5 bytes JMP 0000000174832b51 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007665c72c 5 bytes JMP 00000001748326d1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075f8ca4c 5 bytes JMP 00000001748338d1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075f92bf0 5 bytes JMP 0000000174833841 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075f9369c 5 bytes JMP 0000000174833cc1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075f949e5 5 bytes JMP 00000001748368a1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075fa712c 5 bytes JMP 0000000174833f01 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000075fa7144 5 bytes JMP 0000000174833a81 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075fa715c 5 bytes JMP 0000000174833b11 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075fc30e8 5 bytes JMP 0000000174833ba1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075fc30f8 5 bytes JMP 0000000174833c31 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075fc3108 5 bytes JMP 0000000174833961 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075fc3118 5 bytes JMP 00000001748339f1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075fc3158 5 bytes JMP 0000000174833e71 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007508a472 5 bytes JMP 0000000174836931 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000750927ce 5 bytes JMP 0000000174831b91 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007509e6cf 5 bytes JMP 0000000174831b01 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000074dc78e2 5 bytes JMP 0000000174834021 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000074dc7bd3 5 bytes JMP 0000000174833f91 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074dc8a29 5 bytes JMP 00000001748352b1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000074dc98fd 5 bytes JMP 0000000174835cd1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000074dcb6ed 5 bytes JMP 00000001748369c1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000074dcd22e 5 bytes JMP 0000000174835341 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000074dcffe6 5 bytes JMP 0000000174835bb1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000074dd00d9 5 bytes JMP 0000000174835c41 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000074dd05ba 5 bytes JMP 0000000174834141 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000074dd0dfb 5 bytes JMP 00000001748353d1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074dd12a5 5 bytes JMP 0000000174836541 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000074dd20ec 5 bytes JMP 0000000174835731 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074dd3baa 5 bytes JMP 00000001748364b1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000074dd5f74 5 bytes JMP 00000001748340b1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000074dd6285 5 bytes JMP 0000000174834771 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074dd7603 5 bytes JMP 0000000174832ac1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000074dd7aee 5 bytes JMP 00000001748356a1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074dd835c 5 bytes JMP 0000000174832a31 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000074dece54 5 bytes JMP 00000001748354f1 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074def52b 5 bytes JMP 0000000174834801 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000074def588 5 bytes JMP 0000000174835d61 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000074df10a0 5 bytes JMP 0000000174835461 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000074e1fcd6 5 bytes JMP 0000000174835581 .text C:\Users\Olka\Desktop\Nowy folder\5q0v8tkz.exe[2592] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000074e1fcfa 5 bytes JMP 0000000174835611 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????i ???????????????5??????BE??.NTAMD64?3???????????????8??????? ???????T?????????????,????????????&???????????????????????? ?????????????????????,??2?????????v?????????????????????????????????????????????????????????????????????4??????????????????????????????????????????????????????????????.???i?l?t?|?|?|?|???|??????????????????????? ?????????????????????,??????????????????????????e?????? ???????n?????o???????,????????8????????d??????????????????????????????????????6.1.7601.17514?0.1???????o???????????????????????????????????3??????????????????????????????????????? ???????T?????????????,??r?????????&????????????????????~??? ?????????????????????,????????????9???????????????????????????????????acpi.inf_amd64_neutral_2a841284c9de8962?????????????? ?????????????????????,????????t?????#?????mshdc.inf:MS_HDC.NTamd64:pciide_Inst:6.1.7601.17514:pci\cc_0101?????????????????????????#???? ???????U???????????@?,????????4???D???????????????????????????????????? ??FAT12/16/32 File System Driver??????????????????????? ? ---- Files - GMER 2.1 ---- File C:\Windows\Temp\~bd40BB.tmp 0 bytes ---- EOF - GMER 2.1 ----