GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-02 12:10:09 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-VERTEX4 rev.1.5 119,24GB Running: pedmbxm7.exe; Driver: C:\Users\RK\AppData\Local\Temp\pftiipoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\atiesrxx.exe[1196] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, B9, E3, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, 79, E5, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe5a13b1 11 bytes [B8, B9, B9, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe5a18e0 12 bytes [48, B8, F9, B7, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe5a1bd1 11 bytes [B8, 39, B6, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe5a2201 11 bytes [B8, B9, DC, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe5a23c0 12 bytes [48, B8, 39, A1, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!connect 000007fefe5a45c0 12 bytes [48, B8, 39, 62, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe5a8001 11 bytes [B8, 79, B4, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe5a8df0 7 bytes [48, B8, F9, A2, C1, 75, 00] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe5a8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe5ade91 11 bytes [B8, B9, D5, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe5adf41 11 bytes [B8, F9, DA, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1272] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe5ce0f1 11 bytes [B8, 39, D9, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, B9, E3, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, 79, E5, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1316] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, B9, E3, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, 79, E5, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe5a13b1 11 bytes [B8, B9, B9, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe5a18e0 12 bytes [48, B8, F9, B7, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe5a1bd1 11 bytes [B8, 39, B6, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe5a2201 11 bytes [B8, B9, DC, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe5a23c0 12 bytes [48, B8, 39, A1, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!connect 000007fefe5a45c0 12 bytes [48, B8, 39, 62, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe5a8001 11 bytes [B8, 79, B4, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe5a8df0 7 bytes [48, B8, F9, A2, C1, 75, 00] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe5a8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe5ade91 11 bytes [B8, B9, D5, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe5adf41 11 bytes [B8, F9, DA, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe5ce0f1 11 bytes [B8, 39, D9, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, B9, E3, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, 79, E5, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe5a13b1 11 bytes [B8, B9, B9, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe5a18e0 12 bytes [48, B8, F9, B7, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe5a1bd1 11 bytes [B8, 39, B6, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe5a2201 11 bytes [B8, B9, DC, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe5a23c0 12 bytes [48, B8, 39, A1, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!connect 000007fefe5a45c0 12 bytes [48, B8, 39, 62, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe5a8001 11 bytes [B8, 79, B4, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe5a8df0 7 bytes [48, B8, F9, A2, C1, 75, 00] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe5a8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe5ade91 11 bytes [B8, B9, D5, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe5adf41 11 bytes [B8, F9, DA, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe5ce0f1 11 bytes [B8, 39, D9, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\atieclxx.exe[1636] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, B9, E3, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, 79, E5, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1716] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1856] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076e8ca4c 5 bytes JMP 00000001741e38d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076e92bf0 5 bytes JMP 00000001741e3841 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076e9369c 5 bytes JMP 00000001741e3cc1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076e949e5 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076ea712c 5 bytes JMP 00000001741e3f01 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076ea7144 5 bytes JMP 00000001741e3a81 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076ea715c 5 bytes JMP 00000001741e3b11 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076ec30e8 5 bytes JMP 00000001741e3ba1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076ec30f8 5 bytes JMP 00000001741e3c31 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076ec3108 5 bytes JMP 00000001741e3961 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076ec3118 5 bytes JMP 00000001741e39f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076ec3158 5 bytes JMP 00000001741e3e71 .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1632] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, B9, E3, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, 79, E5, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe5a13b1 11 bytes [B8, B9, B9, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe5a18e0 12 bytes [48, B8, F9, B7, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe5a1bd1 11 bytes [B8, 39, B6, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe5a2201 11 bytes [B8, B9, DC, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe5a23c0 12 bytes [48, B8, 39, A1, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!connect 000007fefe5a45c0 12 bytes [48, B8, 39, 62, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe5a8001 11 bytes [B8, 79, B4, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe5a8df0 7 bytes [48, B8, F9, A2, C1, 75, 00] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe5a8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe5ade91 11 bytes [B8, B9, D5, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe5adf41 11 bytes [B8, F9, DA, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe5ce0f1 11 bytes [B8, 39, D9, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2188] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefe9e9959 11 bytes [B8, B9, 5E, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefe9e9a38 12 bytes [48, B8, 79, 60, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!WSASend + 1 000007fefe5a13b1 11 bytes [B8, B9, B9, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!closesocket 000007fefe5a18e0 12 bytes [48, B8, F9, B7, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!WSASocketW + 1 000007fefe5a1bd1 11 bytes [B8, 39, B6, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!WSARecv + 1 000007fefe5a2201 11 bytes [B8, B9, DC, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!GetAddrInfoW 000007fefe5a23c0 12 bytes [48, B8, 39, A1, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!connect 000007fefe5a45c0 12 bytes [48, B8, 39, 62, C1, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!send + 1 000007fefe5a8001 11 bytes [B8, 79, B4, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!gethostbyname 000007fefe5a8df0 7 bytes [48, B8, F9, A2, C1, 75, 00] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!gethostbyname + 9 000007fefe5a8df9 3 bytes [00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!socket + 1 000007fefe5ade91 11 bytes [B8, B9, D5, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!recv + 1 000007fefe5adf41 11 bytes [B8, F9, DA, C1, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2212] C:\Windows\system32\ws2_32.DLL!WSAConnect + 1 000007fefe5ce0f1 11 bytes [B8, 39, D9, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\msvcrt.dll!_lock + 41 00000000753ca472 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000753d27ce 5 bytes JMP 00000001741e1b91 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\msvcrt.dll!__p__environ 00000000753de6cf 5 bytes JMP 00000001741e1b01 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076e43918 5 bytes JMP 00000001741e5851 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076e43cd3 5 bytes JMP 00000001741e57c1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!socket 0000000076e43eb8 5 bytes JMP 00000001741e60c1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076e44406 5 bytes JMP 00000001741e20a1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076e44889 5 bytes JMP 00000001741e5191 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!recv 0000000076e46b0e 5 bytes JMP 00000001741e6271 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!connect 0000000076e46bdd 1 byte JMP 00000001741e3de1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076e46bdf 3 bytes {CALL RCX} .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!send 0000000076e46f01 5 bytes JMP 00000001741e2011 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076e47089 5 bytes JMP 00000001741e6301 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076e4cc3f 5 bytes JMP 00000001741e61e1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076e57673 5 bytes JMP 00000001741e5221 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075860171 5 bytes JMP 00000001741e4891 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077341465 2 bytes [34, 77] .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773414bb 2 bytes [34, 77] .text ... * 2 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076e43918 5 bytes JMP 00000001741e5851 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076e43cd3 5 bytes JMP 00000001741e57c1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!socket 0000000076e43eb8 5 bytes JMP 00000001741e60c1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076e44406 5 bytes JMP 00000001741e20a1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076e44889 5 bytes JMP 00000001741e5191 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!recv 0000000076e46b0e 5 bytes JMP 00000001741e6271 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!connect 0000000076e46bdd 1 byte JMP 00000001741e3de1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076e46bdf 3 bytes {CALL RCX} .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!send 0000000076e46f01 5 bytes JMP 00000001741e2011 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076e47089 5 bytes JMP 00000001741e6301 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076e4cc3f 5 bytes JMP 00000001741e61e1 .text C:\xampp\apache\bin\httpd.exe[2416] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076e57673 5 bytes JMP 00000001741e5221 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2456] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007738f8d0 5 bytes JMP 00000001741e60c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e66f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e6661 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e6781 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e65d1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6811 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6421 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\msvcrt.dll!_lock + 41 00000000753ca472 5 bytes JMP 00000001741e68a1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000753d27ce 5 bytes JMP 00000001741e1b91 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\msvcrt.dll!__p__environ 00000000753de6cf 5 bytes JMP 00000001741e1b01 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076e43918 5 bytes JMP 00000001741e5851 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076e43cd3 5 bytes JMP 00000001741e57c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!socket 0000000076e43eb8 5 bytes JMP 00000001741e6151 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076e44406 5 bytes JMP 00000001741e20a1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076e44889 5 bytes JMP 00000001741e5191 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!recv 0000000076e46b0e 5 bytes JMP 00000001741e6301 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!connect 0000000076e46bdd 1 byte JMP 00000001741e3de1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076e46bdf 3 bytes {CALL RCX} .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!send 0000000076e46f01 5 bytes JMP 00000001741e2011 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076e47089 5 bytes JMP 00000001741e6391 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076e4cc3f 5 bytes JMP 00000001741e6271 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076e57673 5 bytes JMP 00000001741e5221 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e69c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e6541 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e64b1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076e8ca4c 5 bytes JMP 00000001741e38d1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076e92bf0 5 bytes JMP 00000001741e3841 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076e9369c 5 bytes JMP 00000001741e3cc1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076e949e5 5 bytes JMP 00000001741e6a51 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076ea712c 5 bytes JMP 00000001741e3f01 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076ea7144 5 bytes JMP 00000001741e3a81 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076ea715c 5 bytes JMP 00000001741e3b11 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076ec30e8 5 bytes JMP 00000001741e3ba1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076ec30f8 5 bytes JMP 00000001741e3c31 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076ec3108 5 bytes JMP 00000001741e3961 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076ec3118 5 bytes JMP 00000001741e39f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2492] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076ec3158 5 bytes JMP 00000001741e3e71 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077341465 2 bytes [34, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773414bb 2 bytes [34, 77] .text ... * 2 .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2776] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2808] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2908] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075860171 5 bytes JMP 00000001741e4891 .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3116] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 65 000007fefed90761 11 bytes [B8, 79, F3, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefed93b44 12 bytes [48, B8, 79, 67, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefedab704 12 bytes [48, B8, B9, 65, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefedab870 12 bytes [48, B8, 39, 5B, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefedab8dc 12 bytes [48, B8, 79, 59, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076e43918 5 bytes JMP 00000001741e5851 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076e43cd3 5 bytes JMP 00000001741e57c1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!socket 0000000076e43eb8 5 bytes JMP 00000001741e60c1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076e44406 5 bytes JMP 00000001741e20a1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076e44889 5 bytes JMP 00000001741e5191 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!recv 0000000076e46b0e 5 bytes JMP 00000001741e6271 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!connect 0000000076e46bdd 1 byte JMP 00000001741e3de1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076e46bdf 3 bytes {CALL RCX} .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!send 0000000076e46f01 5 bytes JMP 00000001741e2011 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076e47089 5 bytes JMP 00000001741e6301 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076e4cc3f 5 bytes JMP 00000001741e61e1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076e57673 5 bytes JMP 00000001741e5221 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e68a1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\xampp\apache\bin\httpd.exe[3308] C:\Windows\syswow64\user32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4116] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[4352] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4388] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4636] C:\Windows\system32\d3d11.dll!D3D11CreateDeviceAndSwapChain 000007fef4f100f8 12 bytes [48, B8, 39, 8C, C1, 75, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, B9, 50, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, B9, 57, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, F9, 55, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, 71, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, B9, 73, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, 39, 77, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, 70, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 79, 60, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, 39, 62, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, 79, 75, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, 79, 67, C1, 75] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, B9, 65, C1, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[4932] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, 39, 46, C1, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, F9, 40, C1, 75, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, 39, 3F, C1, 75, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, F9, 47, C1, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, B9, 42, C1, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 79, 44, C1, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4932] C:\Windows\system32\WS2_32.dll!connect 000007fefe5a45c0 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076e43918 5 bytes JMP 00000001741e5851 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076e43cd3 5 bytes JMP 00000001741e57c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!socket 0000000076e43eb8 5 bytes JMP 00000001741e60c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076e44406 5 bytes JMP 00000001741e20a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076e44889 5 bytes JMP 00000001741e5191 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!recv 0000000076e46b0e 5 bytes JMP 00000001741e6271 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!connect 0000000076e46bdd 1 byte JMP 00000001741e3de1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076e46bdf 3 bytes {CALL RCX} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!send 0000000076e46f01 5 bytes JMP 00000001741e2011 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076e47089 5 bytes JMP 00000001741e6301 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076e4cc3f 5 bytes JMP 00000001741e61e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4720] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076e57673 5 bytes JMP 00000001741e5221 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5004] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4972] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4212] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4268] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe5a13b1 11 bytes [B8, B9, B9, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe5a18e0 12 bytes [48, B8, F9, B7, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe5a1bd1 11 bytes [B8, 39, B6, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe5a2201 11 bytes [B8, B9, DC, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe5a23c0 12 bytes [48, B8, 39, A1, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!connect 000007fefe5a45c0 12 bytes [48, B8, 39, 62, C1, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe5a8001 11 bytes [B8, 79, B4, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe5a8df0 7 bytes [48, B8, F9, A2, C1, 75, 00] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe5a8df9 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe5ade91 11 bytes [B8, B9, D5, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe5adf41 11 bytes [B8, F9, DA, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[868] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe5ce0f1 11 bytes [B8, 39, D9, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefe9e9959 11 bytes [B8, B9, 5E, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4568] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefe9e9a38 12 bytes [48, B8, 79, 60, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4804] C:\Windows\system32\OPENGL32.dll!wglMakeCurrent 000007feef8654b0 12 bytes [48, B8, B9, 96, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5088] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[4588] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[4280] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007738000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007740f85a 5 bytes JMP 00000001773bd571 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076e8ca4c 5 bytes JMP 00000001741e38d1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076e92bf0 5 bytes JMP 00000001741e3841 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076e9369c 5 bytes JMP 00000001741e3cc1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076e949e5 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076ea712c 5 bytes JMP 00000001741e3f01 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076ea7144 5 bytes JMP 00000001741e3a81 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076ea715c 5 bytes JMP 00000001741e3b11 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076ec30e8 5 bytes JMP 00000001741e3ba1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076ec30f8 5 bytes JMP 00000001741e3c31 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076ec3108 5 bytes JMP 00000001741e3961 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076ec3118 5 bytes JMP 00000001741e39f1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076ec3158 5 bytes JMP 00000001741e3e71 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075860171 5 bytes JMP 00000001741e4891 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 0000000075158fb0 5 bytes JMP 00000001741e3d51 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 00000000751b6ade 5 bytes JMP 00000001741e2131 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1484] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 00000000751b6cb8 5 bytes JMP 00000001741e29a1 .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefe9e9959 11 bytes [B8, B9, 5E, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[4616] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefe9e9a38 12 bytes [48, B8, 79, 60, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[5380] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007738f8d0 5 bytes JMP 00000001741e60c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e66f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e6661 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e6781 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e65d1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6811 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6421 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e68a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e6541 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e64b1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\msvcrt.dll!_lock + 41 00000000753ca472 5 bytes JMP 00000001741e6931 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000753d27ce 5 bytes JMP 00000001741e1b91 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\msvcrt.dll!__p__environ 00000000753de6cf 5 bytes JMP 00000001741e1b01 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076e8ca4c 5 bytes JMP 00000001741e38d1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076e92bf0 5 bytes JMP 00000001741e3841 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076e9369c 5 bytes JMP 00000001741e3cc1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076e949e5 5 bytes JMP 00000001741e69c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076ea712c 5 bytes JMP 00000001741e3f01 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076ea7144 5 bytes JMP 00000001741e3a81 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076ea715c 5 bytes JMP 00000001741e3b11 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076ec30e8 5 bytes JMP 00000001741e3ba1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076ec30f8 5 bytes JMP 00000001741e3c31 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076ec3108 5 bytes JMP 00000001741e3961 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076ec3118 5 bytes JMP 00000001741e39f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076ec3158 5 bytes JMP 00000001741e3e71 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076e43918 5 bytes JMP 00000001741e5851 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076e43cd3 5 bytes JMP 00000001741e57c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!socket 0000000076e43eb8 5 bytes JMP 00000001741e6151 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076e44406 5 bytes JMP 00000001741e20a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076e44889 5 bytes JMP 00000001741e5191 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!recv 0000000076e46b0e 5 bytes JMP 00000001741e6301 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!connect 0000000076e46bdd 1 byte JMP 00000001741e3de1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076e46bdf 3 bytes {CALL RCX} .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!send 0000000076e46f01 5 bytes JMP 00000001741e2011 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076e47089 5 bytes JMP 00000001741e6391 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076e4cc3f 5 bytes JMP 00000001741e6271 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076e57673 5 bytes JMP 00000001741e5221 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075860171 5 bytes JMP 00000001741e4891 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 0000000075158fb0 5 bytes JMP 00000001741e3d51 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 00000000751b6ade 5 bytes JMP 00000001741e2131 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 00000000751b6cb8 5 bytes JMP 00000001741e29a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077341465 2 bytes [34, 77] .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5408] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000773414bb 2 bytes [34, 77] .text ... * 2 .text C:\Users\RK\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077341465 2 bytes [34, 77] .text C:\Users\RK\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773414bb 2 bytes [34, 77] .text ... * 2 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077341465 2 bytes [34, 77] .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773414bb 2 bytes [34, 77] .text ... * 2 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077341465 2 bytes [34, 77] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773414bb 2 bytes [34, 77] .text ... * 2 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076e43918 5 bytes JMP 00000001741e5851 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076e43cd3 5 bytes JMP 00000001741e57c1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!socket 0000000076e43eb8 5 bytes JMP 00000001741e60c1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076e44406 5 bytes JMP 00000001741e20a1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076e44889 5 bytes JMP 00000001741e5191 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!recv 0000000076e46b0e 5 bytes JMP 00000001741e6271 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!connect 0000000076e46bdd 1 byte JMP 00000001741e3de1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076e46bdf 3 bytes {CALL RCX} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!send 0000000076e46f01 5 bytes JMP 00000001741e2011 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076e47089 5 bytes JMP 00000001741e6301 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076e4cc3f 5 bytes JMP 00000001741e61e1 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[5780] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076e57673 5 bytes JMP 00000001741e5221 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5980] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6104] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[5232] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5244] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\msvcrt.dll!_lock + 41 00000000753ca472 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000753d27ce 5 bytes JMP 00000001741e1b91 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\msvcrt.dll!__p__environ 00000000753de6cf 5 bytes JMP 00000001741e1b01 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[5392] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075860171 5 bytes JMP 00000001741e4891 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e64b1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e6421 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5568] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075860171 5 bytes JMP 00000001741e4891 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076e8ca4c 5 bytes JMP 00000001741e38d1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076e92bf0 5 bytes JMP 00000001741e3841 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076e9369c 5 bytes JMP 00000001741e3cc1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076e949e5 5 bytes JMP 00000001741e6811 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076ea712c 5 bytes JMP 00000001741e3f01 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076ea7144 5 bytes JMP 00000001741e3a81 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076ea715c 5 bytes JMP 00000001741e3b11 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076ec30e8 5 bytes JMP 00000001741e3ba1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076ec30f8 5 bytes JMP 00000001741e3c31 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076ec3108 5 bytes JMP 00000001741e3961 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076ec3118 5 bytes JMP 00000001741e39f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5908] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076ec3158 5 bytes JMP 00000001741e3e71 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e6661 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e65d1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e66f1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e6541 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6781 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6391 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076e43918 5 bytes JMP 00000001741e5851 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076e43cd3 5 bytes JMP 00000001741e57c1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!socket 0000000076e43eb8 5 bytes JMP 00000001741e60c1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076e44406 5 bytes JMP 00000001741e20a1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076e44889 5 bytes JMP 00000001741e5191 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!recv 0000000076e46b0e 5 bytes JMP 00000001741e6271 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!connect 0000000076e46bdd 1 byte JMP 00000001741e3de1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076e46bdf 3 bytes {CALL RCX} .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!send 0000000076e46f01 5 bytes JMP 00000001741e2011 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076e47089 5 bytes JMP 00000001741e6301 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076e4cc3f 5 bytes JMP 00000001741e61e1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076e57673 5 bytes JMP 00000001741e5221 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5812] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075860171 5 bytes JMP 00000001741e4891 .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4760] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, 39, EE, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, B9, F1, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, F9, EF, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000771e2be0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000771e2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd77642d 11 bytes [B8, F9, 55, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd776484 12 bytes [48, B8, B9, 50, C1, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd776519 11 bytes [B8, F9, 5C, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd776c34 12 bytes [48, B8, F9, 4E, C1, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd777ab5 11 bytes [B8, B9, 57, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd778b01 11 bytes [B8, 79, 52, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd778c39 11 bytes [B8, 39, 54, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefe9e9959 11 bytes [B8, B9, 5E, C1, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefe9e9a38 12 bytes [48, B8, 79, 60, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, B9, E3, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, 79, E5, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771c92a1 5 bytes [B8, F9, 63, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771c92a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 00000000771e1390 6 bytes [48, B8, 39, E7, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 00000000771e1398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771e1400 6 bytes [48, B8, 79, D0, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771e1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000771e14d0 6 bytes [48, B8, 39, BD, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000771e14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000771e1570 6 bytes [48, B8, F9, 32, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000771e1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000771e1590 6 bytes [48, B8, 39, 1C, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000771e1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000771e15b0 6 bytes [48, B8, F9, 1D, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000771e15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e15d0 6 bytes [48, B8, 79, BB, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000771e15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000771e1680 6 bytes [48, B8, B9, E3, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000771e1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000771e16b0 6 bytes [48, B8, 79, 2F, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000771e16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000771e16d0 6 bytes [48, B8, 79, 36, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000771e16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000771e1760 6 bytes [48, B8, B9, 34, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000771e1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000771e17b0 6 bytes [48, B8, F9, E8, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000771e17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000771e17e0 6 bytes [48, B8, 39, 2A, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000771e17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000771e17f0 6 bytes [48, B8, B9, 26, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000771e17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000771e1860 6 bytes [48, B8, 79, E5, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000771e1868 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771e1910 6 bytes [48, B8, 79, EC, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771e1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000771e1ce0 6 bytes [48, B8, F9, E1, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000771e1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000771e1d30 6 bytes [48, B8, 79, 28, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000771e1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000771e1d90 6 bytes [48, B8, F9, 24, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000771e1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771e2100 6 bytes [48, B8, 39, D2, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771e2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771e2640 6 bytes [48, B8, 39, 7E, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771e2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e2840 6 bytes [48, B8, 39, 31, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771e2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771e2a00 6 bytes [48, B8, F9, D3, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771e2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000771e2b00 6 bytes [48, B8, B9, EA, C1, 75] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 00000000771e2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000772531f1 11 bytes [B8, F9, 7F, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000770720f1 11 bytes [B8, B9, CE, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000770721e0 12 bytes [48, B8, F9, 39, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007708e750 12 bytes [48, B8, B9, 2D, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077091e31 11 bytes [B8, 39, E0, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000770c5011 11 bytes [B8, 79, 75, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000770c5031 11 bytes [B8, F9, 71, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000770da560 12 bytes [48, B8, 79, 7C, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000770da670 12 bytes [48, B8, F9, 78, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd441861 11 bytes [B8, 39, 4D, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd4430f1 11 bytes [B8, 39, C4, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd448b80 12 bytes [48, B8, 79, 4B, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd449940 12 bytes [48, B8, B9, C0, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd449fb1 11 bytes [B8, 79, C2, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd44bbb1 11 bytes [B8, F9, BE, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd4529c1 11 bytes [B8, B9, 49, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd474320 12 bytes [48, B8, 79, 3D, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd482841 8 bytes [B8, 39, 23, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd48284a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd482881 11 bytes [B8, B9, 3B, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe5a13b1 11 bytes [B8, B9, B9, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe5a18e0 12 bytes [48, B8, F9, B7, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe5a1bd1 11 bytes [B8, 39, B6, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe5a2201 11 bytes [B8, B9, DC, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe5a23c0 12 bytes [48, B8, 39, A1, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!connect 000007fefe5a45c0 12 bytes [48, B8, 39, 62, C1, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe5a8001 11 bytes [B8, 79, B4, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe5a8df0 7 bytes [48, B8, F9, A2, C1, 75, 00] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe5a8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe5ade91 11 bytes [B8, B9, D5, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe5adf41 11 bytes [B8, F9, DA, C1, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6136] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe5ce0f1 11 bytes [B8, 39, D9, C1, 75, 00, 00, ...] .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007738f8d0 5 bytes JMP 00000001741e60c1 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007738f908 5 bytes JMP 00000001741e66f1 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007738f9c0 5 bytes JMP 00000001741e5f11 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007738fb08 5 bytes JMP 00000001741e5971 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007738fc00 5 bytes JMP 00000001741e3061 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007738fc30 5 bytes JMP 00000001741e15f1 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007738fc60 5 bytes JMP 00000001741e1681 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fc90 5 bytes JMP 00000001741e58e1 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007738fda8 5 bytes JMP 00000001741e6661 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007738fdf4 5 bytes JMP 00000001741e2f41 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007738fe24 5 bytes JMP 00000001741e3181 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007738ff04 5 bytes JMP 00000001741e30f1 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007738ff84 5 bytes JMP 00000001741e6781 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007738ffcc 5 bytes JMP 00000001741e2d91 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007738ffe4 5 bytes JMP 00000001741e2c71 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077390094 5 bytes JMP 00000001741e1e61 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773901a4 5 bytes JMP 00000001741e2251 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007739077c 5 bytes JMP 00000001741e65d1 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000773907f4 5 bytes JMP 00000001741e2d01 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077390884 5 bytes JMP 00000001741e2be1 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077390dd4 5 bytes JMP 00000001741e5fa1 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000773915e4 5 bytes JMP 00000001741e4651 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391900 5 bytes JMP 00000001741e2fd1 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077391bc4 5 bytes JMP 00000001741e6031 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077391d6c 5 bytes JMP 00000001741e6811 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077391ec8 5 bytes JMP 00000001741e6421 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000773a88a4 5 bytes JMP 00000001741e1a71 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000773d0cfb 5 bytes JMP 00000001741e1f81 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007741857f 5 bytes JMP 00000001741e46e1 .text D:\pedmbxm7.exe[6424] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007741e81b 5 bytes JMP 00000001741e1ef1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000764a0e00 5 bytes JMP 00000001741e1d41 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000764a1072 5 bytes JMP 00000001741e2911 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000764a49bf 5 bytes JMP 00000001741e2521 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000764b3bdb 5 bytes JMP 00000001741e2eb1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000764c7347 5 bytes JMP 00000001741e2641 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000764c8954 5 bytes JMP 00000001741e5e81 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076522c91 5 bytes JMP 00000001741e27f1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076546f6b 5 bytes JMP 00000001741e4261 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076546f8e 5 bytes JMP 00000001741e4381 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076547339 5 bytes JMP 00000001741e44a1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000765473b2 5 bytes JMP 00000001741e45c1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000750d8f7d 5 bytes JMP 00000001741e19e1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000750dc428 5 bytes JMP 00000001741e37b1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000750dec98 5 bytes JMP 00000001741e32a1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000750df1f8 4 bytes JMP 00000001741e22e1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000750dfa7b 5 bytes JMP 00000001741e1dd1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000750e134a 5 bytes JMP 00000001741e3721 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000750e1371 5 bytes JMP 00000001741e3691 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000750e1d1b 5 bytes JMP 00000001741e1951 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000750e1e07 5 bytes JMP 00000001741e2401 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000750e2aa4 5 bytes JMP 00000001741e5a91 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000750e2ccc 5 bytes JMP 00000001741e5a01 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000750e2d0a 5 bytes JMP 00000001741e5b21 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000750e2e6d 5 bytes JMP 00000001741e18c1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000750e3b63 5 bytes JMP 00000001741e21c1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000750e4489 5 bytes JMP 00000001741e2371 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000750e45fb 5 bytes JMP 00000001741e3211 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000750e4624 5 bytes JMP 00000001741e2b51 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000750ec72c 5 bytes JMP 00000001741e26d1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076e8ca4c 5 bytes JMP 00000001741e38d1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076e92bf0 5 bytes JMP 00000001741e3841 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076e9369c 5 bytes JMP 00000001741e3cc1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076e949e5 5 bytes JMP 00000001741e68a1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076ea712c 5 bytes JMP 00000001741e3f01 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076ea7144 5 bytes JMP 00000001741e3a81 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076ea715c 5 bytes JMP 00000001741e3b11 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076ec30e8 5 bytes JMP 00000001741e3ba1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076ec30f8 5 bytes JMP 00000001741e3c31 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076ec3108 5 bytes JMP 00000001741e3961 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076ec3118 5 bytes JMP 00000001741e39f1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076ec3158 5 bytes JMP 00000001741e3e71 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\msvcrt.dll!_lock + 41 00000000753ca472 5 bytes JMP 00000001741e6931 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000753d27ce 5 bytes JMP 00000001741e1b91 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\msvcrt.dll!__p__environ 00000000753de6cf 5 bytes JMP 00000001741e1b01 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000767a78e2 5 bytes JMP 00000001741e4021 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000767a7bd3 5 bytes JMP 00000001741e3f91 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000767a8a29 5 bytes JMP 00000001741e52b1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000767a98fd 5 bytes JMP 00000001741e5cd1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000767ab6ed 5 bytes JMP 00000001741e69c1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000767ad22e 5 bytes JMP 00000001741e5341 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000767affe6 5 bytes JMP 00000001741e5bb1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000767b00d9 5 bytes JMP 00000001741e5c41 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000767b05ba 5 bytes JMP 00000001741e4141 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000767b0dfb 5 bytes JMP 00000001741e53d1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000767b12a5 5 bytes JMP 00000001741e6541 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000767b20ec 5 bytes JMP 00000001741e5731 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000767b3baa 5 bytes JMP 00000001741e64b1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000767b5f74 5 bytes JMP 00000001741e40b1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000767b6285 5 bytes JMP 00000001741e4771 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000767b7603 5 bytes JMP 00000001741e2ac1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000767b7aee 5 bytes JMP 00000001741e56a1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000767b835c 5 bytes JMP 00000001741e2a31 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000767cce54 5 bytes JMP 00000001741e54f1 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000767cf52b 5 bytes JMP 00000001741e4801 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000767cf588 5 bytes JMP 00000001741e5d61 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000767d10a0 5 bytes JMP 00000001741e5461 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000767ffcd6 5 bytes JMP 00000001741e5581 .text D:\pedmbxm7.exe[6424] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000767ffcfa 5 bytes JMP 00000001741e5611 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{069C4733-9739-4D98-B153-FED91F6F85AA}\Connection@Name isatap.{C5B60DF0-5C7A-4224-B4F5-AB5DD7FA6534} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{E717CAAC-C434-4BF7-80EE-2229492C3A89}?\Device\{069C4733-9739-4D98-B153-FED91F6F85AA}?\Device\{F29D6DF2-B905-4410-92C5-FBC2C3B4B058}?\Device\{AE21065A-2A9B-434E-BAD5-AD2246FC3BB8}?\Device\{FF30CC2A-C51A-487A-B50D-9B7036C83E0F}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{E717CAAC-C434-4BF7-80EE-2229492C3A89}"?"{069C4733-9739-4D98-B153-FED91F6F85AA}"?"{F29D6DF2-B905-4410-92C5-FBC2C3B4B058}"?"{AE21065A-2A9B-434E-BAD5-AD2246FC3BB8}"?"{FF30CC2A-C51A-487A-B50D-9B7036C83E0F}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{E717CAAC-C434-4BF7-80EE-2229492C3A89}?\Device\TCPIP6TUNNEL_{069C4733-9739-4D98-B153-FED91F6F85AA}?\Device\TCPIP6TUNNEL_{F29D6DF2-B905-4410-92C5-FBC2C3B4B058}?\Device\TCPIP6TUNNEL_{AE21065A-2A9B-434E-BAD5-AD2246FC3BB8}?\Device\TCPIP6TUNNEL_{FF30CC2A-C51A-487A-B50D-9B7036C83E0F}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008ca3cc7cb Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@98f537734f84 0xDB 0xB2 0x68 0xCC ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@0021fc344d65 0x23 0xB7 0xAA 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@001979daa4a7 0xAC 0x23 0x3E 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@6cf373bd1beb 0xDB 0xA4 0xBC 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{069C4733-9739-4D98-B153-FED91F6F85AA}@InterfaceName isatap.{C5B60DF0-5C7A-4224-B4F5-AB5DD7FA6534} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{069C4733-9739-4D98-B153-FED91F6F85AA}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 52832 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 40246 Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Object List 94100 94106 94118 94128 94138 94158 94202 94212 94250 94256 94272 Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Counter 94278 Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Help 94279 Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@First Counter 94100 Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@First Help 94101 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008ca3cc7cb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@98f537734f84 0xDB 0xB2 0x68 0xCC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@0021fc344d65 0x23 0xB7 0xAA 0x76 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@001979daa4a7 0xAC 0x23 0x3E 0xA4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@6cf373bd1beb 0xDB 0xA4 0xBC 0x2D ... ---- Files - GMER 2.1 ---- File C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{ce3e2bd0-6958-4ebf-a183-96abb7eacc22} 0 bytes File C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{ce3e2bd0-6958-4ebf-a183-96abb7eacc22}\snapshot.etl 1327104 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{24b6fa3e-2f89-428f-9578-6727897b4850} 0 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{24b6fa3e-2f89-428f-9578-6727897b4850}\snapshot.etl 360448 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{352286f2-73f7-42b9-87f4-834dad3cf3f2} 0 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{352286f2-73f7-42b9-87f4-834dad3cf3f2}\snapshot.etl 344064 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{67b25643-7a7f-4bc0-bb07-948519472ab0} 0 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{67b25643-7a7f-4bc0-bb07-948519472ab0}\snapshot.etl 327680 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{a4f05fc6-e07d-4668-ab46-e8e7cef8462a} 0 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{a4f05fc6-e07d-4668-ab46-e8e7cef8462a}\snapshot.etl 360448 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{d7367f6d-cd90-48fa-adc8-5f99c9175e71} 0 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{d7367f6d-cd90-48fa-adc8-5f99c9175e71}\snapshot.etl 344064 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{f0cfee64-720f-4dbc-9cac-879b77a3c142} 0 bytes File C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{f0cfee64-720f-4dbc-9cac-879b77a3c142}\snapshot.etl 360448 bytes File C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{5a3db0d5-06e7-4fc0-a574-afc7d454e51b} 0 bytes File C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{5a3db0d5-06e7-4fc0-a574-afc7d454e51b}\snapshot.etl 1327104 bytes ---- EOF - GMER 2.1 ----