GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-02 11:13:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-VERTEX4 rev.1.5 119,24GB Running: pedmbxm7.exe; Driver: C:\Users\RK\AppData\Local\Temp\pftiipoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\atiesrxx.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, B9, E3, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, 79, E5, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, B9, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, B7, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, B6, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, B9, DC, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, A1, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 39, 62, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, B4, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, F9, A2, 9D, 75, 00] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, B9, D5, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, F9, DA, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1260] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, 39, D9, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, B9, E3, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, 79, E5, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1320] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, B9, E3, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, 79, E5, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, B9, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, B7, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, B6, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, B9, DC, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, A1, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 39, 62, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, B4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, F9, A2, 9D, 75, 00] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, B9, D5, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, F9, DA, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1364] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, 39, D9, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, B9, E3, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, 79, E5, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, B9, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, B7, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, B6, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, B9, DC, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, A1, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 39, 62, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, B4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, F9, A2, 9D, 75, 00] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, B9, D5, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, F9, DA, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, 39, D9, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\msi.dll!MsiDecomposeDescriptorW + 165 000007fef36e3eb1 11 bytes [B8, B9, F1, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\msi.dll!MsiQueryProductStateA + 1 000007fef3760aa5 11 bytes [B8, 39, 46, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\msi.dll!MsiInstallProductA + 1 000007fef3760f21 11 bytes [B8, B9, 42, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\msi.dll!MsiQueryProductStateW + 1 000007fef376f73d 11 bytes [B8, F9, 47, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\msi.dll!MsiInstallProductW + 1 000007fef376faa9 11 bytes [B8, 79, 44, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\msi.dll!MsiOpenDatabaseW + 1 000007fef378812d 11 bytes [B8, F9, 40, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1400] C:\Windows\system32\msi.dll!MsiOpenDatabaseA + 1 000007fef3788359 11 bytes [B8, 39, 3F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\atieclxx.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, B9, E3, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, 79, E5, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1864] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007604ca4c 5 bytes JMP 0000000173fa38d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076052bf0 5 bytes JMP 0000000173fa3841 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007605369c 5 bytes JMP 0000000173fa3cc1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000760549e5 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007606712c 5 bytes JMP 0000000173fa3f01 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076067144 5 bytes JMP 0000000173fa3a81 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007606715c 5 bytes JMP 0000000173fa3b11 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000760830e8 5 bytes JMP 0000000173fa3ba1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000760830f8 5 bytes JMP 0000000173fa3c31 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076083108 5 bytes JMP 0000000173fa3961 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076083118 5 bytes JMP 0000000173fa39f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076083158 5 bytes JMP 0000000173fa3e71 .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, B9, E3, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, 79, E5, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, B9, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, B7, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, B6, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, B9, DC, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, A1, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 39, 62, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, B4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, F9, A2, 9D, 75, 00] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, B9, D5, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, F9, DA, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, 39, D9, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefd329959 11 bytes [B8, B9, 5E, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefd329a38 12 bytes [48, B8, 79, 60, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, B9, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, B7, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, B6, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!WSARecv + 1 000007fefdeb2201 11 bytes [B8, B9, DC, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, A1, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!connect 000007fefdeb45c0 12 bytes [48, B8, 39, 62, 9D, 75, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!send + 1 000007fefdeb8001 11 bytes [B8, 79, B4, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, F9, A2, 9D, 75, 00] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!socket + 1 000007fefdebde91 11 bytes [B8, B9, D5, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!recv + 1 000007fefdebdf41 11 bytes [B8, F9, DA, 9D, 75, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2228] C:\Windows\system32\ws2_32.DLL!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, 39, D9, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007540a472 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000754127ce 5 bytes JMP 0000000173fa1b91 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007541e6cf 5 bytes JMP 0000000173fa1b01 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075343918 5 bytes JMP 0000000173fa5851 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075343cd3 5 bytes JMP 0000000173fa57c1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!socket 0000000075343eb8 5 bytes JMP 0000000173fa60c1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075344406 5 bytes JMP 0000000173fa20a1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075344889 5 bytes JMP 0000000173fa5191 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!recv 0000000075346b0e 5 bytes JMP 0000000173fa6271 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!connect 0000000075346bdd 1 byte JMP 0000000173fa3de1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000075346bdf 3 bytes {CALL RCX} .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!send 0000000075346f01 5 bytes JMP 0000000173fa2011 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075347089 5 bytes JMP 0000000173fa6301 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007534cc3f 5 bytes JMP 0000000173fa61e1 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075357673 5 bytes JMP 0000000173fa5221 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076100171 5 bytes JMP 0000000173fa4891 .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d51465 2 bytes [D5, 74] .text C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d514bb 2 bytes [D5, 74] .text ... * 2 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075343918 5 bytes JMP 0000000173fa5851 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075343cd3 5 bytes JMP 0000000173fa57c1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!socket 0000000075343eb8 5 bytes JMP 0000000173fa60c1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075344406 5 bytes JMP 0000000173fa20a1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075344889 5 bytes JMP 0000000173fa5191 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!recv 0000000075346b0e 5 bytes JMP 0000000173fa6271 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!connect 0000000075346bdd 1 byte JMP 0000000173fa3de1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000075346bdf 3 bytes {CALL RCX} .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!send 0000000075346f01 5 bytes JMP 0000000173fa2011 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075347089 5 bytes JMP 0000000173fa6301 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007534cc3f 5 bytes JMP 0000000173fa61e1 .text C:\xampp\apache\bin\httpd.exe[2424] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075357673 5 bytes JMP 0000000173fa5221 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2460] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007714f8d0 5 bytes JMP 0000000173fa60c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa66f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa6661 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa6781 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa65d1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6811 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6421 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007540a472 5 bytes JMP 0000000173fa68a1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000754127ce 5 bytes JMP 0000000173fa1b91 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007541e6cf 5 bytes JMP 0000000173fa1b01 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075343918 5 bytes JMP 0000000173fa5851 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075343cd3 5 bytes JMP 0000000173fa57c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!socket 0000000075343eb8 5 bytes JMP 0000000173fa6151 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075344406 5 bytes JMP 0000000173fa20a1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075344889 5 bytes JMP 0000000173fa5191 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!recv 0000000075346b0e 5 bytes JMP 0000000173fa6301 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!connect 0000000075346bdd 1 byte JMP 0000000173fa3de1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000075346bdf 3 bytes {CALL RCX} .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!send 0000000075346f01 5 bytes JMP 0000000173fa2011 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075347089 5 bytes JMP 0000000173fa6391 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007534cc3f 5 bytes JMP 0000000173fa6271 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075357673 5 bytes JMP 0000000173fa5221 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa69c1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa6541 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa64b1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007604ca4c 5 bytes JMP 0000000173fa38d1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076052bf0 5 bytes JMP 0000000173fa3841 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007605369c 5 bytes JMP 0000000173fa3cc1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000760549e5 5 bytes JMP 0000000173fa6a51 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007606712c 5 bytes JMP 0000000173fa3f01 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076067144 5 bytes JMP 0000000173fa3a81 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007606715c 5 bytes JMP 0000000173fa3b11 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000760830e8 5 bytes JMP 0000000173fa3ba1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000760830f8 5 bytes JMP 0000000173fa3c31 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076083108 5 bytes JMP 0000000173fa3961 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076083118 5 bytes JMP 0000000173fa39f1 .text C:\xampp\filezillaftp\filezillaserver.exe[2496] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076083158 5 bytes JMP 0000000173fa3e71 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d51465 2 bytes [D5, 74] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d514bb 2 bytes [D5, 74] .text ... * 2 .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2744] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2820] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2916] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076100171 5 bytes JMP 0000000173fa4891 .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 65 000007fefdaf0761 11 bytes [B8, 79, F3, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdaf3b44 12 bytes [48, B8, 79, 67, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdb0b704 12 bytes [48, B8, B9, 65, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdb0b870 12 bytes [48, B8, 39, 5B, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdb0b8dc 12 bytes [48, B8, 79, 59, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3120] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075343918 5 bytes JMP 0000000173fa5851 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075343cd3 5 bytes JMP 0000000173fa57c1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!socket 0000000075343eb8 5 bytes JMP 0000000173fa60c1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075344406 5 bytes JMP 0000000173fa20a1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075344889 5 bytes JMP 0000000173fa5191 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!recv 0000000075346b0e 5 bytes JMP 0000000173fa6271 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!connect 0000000075346bdd 1 byte JMP 0000000173fa3de1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000075346bdf 3 bytes {CALL RCX} .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!send 0000000075346f01 5 bytes JMP 0000000173fa2011 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075347089 5 bytes JMP 0000000173fa6301 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007534cc3f 5 bytes JMP 0000000173fa61e1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075357673 5 bytes JMP 0000000173fa5221 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa68a1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\xampp\apache\bin\httpd.exe[3324] C:\Windows\syswow64\user32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4140] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[4380] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4412] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[4688] C:\Windows\system32\d3d11.dll!D3D11CreateDeviceAndSwapChain 000007fef4df00f8 12 bytes [48, B8, 39, 8C, 9D, 75, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, B9, 50, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, B9, 57, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, F9, 55, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, 71, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, B9, 73, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, 39, 77, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, 70, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 79, 60, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, 39, 62, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, 79, 75, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, 79, 67, 9D, 75] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, B9, 65, 9D, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[4968] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, 39, 46, 9D, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, F9, 40, 9D, 75, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, 39, 3F, 9D, 75, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, F9, 47, 9D, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, B9, 42, 9D, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 79, 44, 9D, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[4968] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, B9, 65, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, F9, BE, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 39, 38, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, F9, 2B, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, F9, 7F, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, B9, 81, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, B9, 3B, 9D, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, 79, 2F, 9D, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 39, 77, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, B9, 73, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 39, 7E, 9D, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, B9, 7A, 9D, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, F9, 4E, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 39, 4D, 9D, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, 1F, 9D, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, B9, C0, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, 79, 4B, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 39, 3F, 9D, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, F9, 24, 9D, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[4720] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, 79, 3D, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075343918 5 bytes JMP 0000000173fa5851 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075343cd3 5 bytes JMP 0000000173fa57c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!socket 0000000075343eb8 5 bytes JMP 0000000173fa60c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075344406 5 bytes JMP 0000000173fa20a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075344889 5 bytes JMP 0000000173fa5191 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!recv 0000000075346b0e 5 bytes JMP 0000000173fa6271 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!connect 0000000075346bdd 1 byte JMP 0000000173fa3de1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000075346bdf 3 bytes {CALL RCX} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!send 0000000075346f01 5 bytes JMP 0000000173fa2011 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075347089 5 bytes JMP 0000000173fa6301 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007534cc3f 5 bytes JMP 0000000173fa61e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4960] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075357673 5 bytes JMP 0000000173fa5221 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4784] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4428] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4584] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3304] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, B9, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, B7, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, B6, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, B9, DC, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, A1, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 39, 62, 9D, 75, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, B4, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, F9, A2, 9D, 75, 00] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, B9, D5, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, F9, DA, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4792] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, 39, D9, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefd329959 11 bytes [B8, B9, 5E, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrl.exe[4916] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefd329a38 12 bytes [48, B8, 79, 60, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5044] C:\Windows\system32\OPENGL32.dll!wglMakeCurrent 000007feef4354b0 12 bytes [48, B8, B9, 96, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4468] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files\WapSter\WapSter AQQ\AQQ.exe[5084] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007714000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000771cf85a 5 bytes JMP 000000017717d571 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007604ca4c 5 bytes JMP 0000000173fa38d1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076052bf0 5 bytes JMP 0000000173fa3841 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007605369c 5 bytes JMP 0000000173fa3cc1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000760549e5 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007606712c 5 bytes JMP 0000000173fa3f01 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076067144 5 bytes JMP 0000000173fa3a81 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007606715c 5 bytes JMP 0000000173fa3b11 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000760830e8 5 bytes JMP 0000000173fa3ba1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000760830f8 5 bytes JMP 0000000173fa3c31 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076083108 5 bytes JMP 0000000173fa3961 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076083118 5 bytes JMP 0000000173fa39f1 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076083158 5 bytes JMP 0000000173fa3e71 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076100171 5 bytes JMP 0000000173fa4891 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 0000000075aa8fb0 5 bytes JMP 0000000173fa3d51 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000075b06ade 5 bytes JMP 0000000173fa2131 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4316] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000075b06cb8 5 bytes JMP 0000000173fa29a1 .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefd329959 11 bytes [B8, B9, 5E, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Sidebar\sidebar.exe[5064] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefd329a38 12 bytes [48, B8, 79, 60, 9D, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[5404] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007714f8d0 5 bytes JMP 0000000173fa60c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa66f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa6661 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa6781 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa65d1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6811 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6421 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa68a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa6541 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa64b1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007540a472 5 bytes JMP 0000000173fa6931 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000754127ce 5 bytes JMP 0000000173fa1b91 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007541e6cf 5 bytes JMP 0000000173fa1b01 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007604ca4c 5 bytes JMP 0000000173fa38d1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076052bf0 5 bytes JMP 0000000173fa3841 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007605369c 5 bytes JMP 0000000173fa3cc1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000760549e5 5 bytes JMP 0000000173fa69c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007606712c 5 bytes JMP 0000000173fa3f01 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076067144 5 bytes JMP 0000000173fa3a81 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007606715c 5 bytes JMP 0000000173fa3b11 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000760830e8 5 bytes JMP 0000000173fa3ba1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000760830f8 5 bytes JMP 0000000173fa3c31 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076083108 5 bytes JMP 0000000173fa3961 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076083118 5 bytes JMP 0000000173fa39f1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076083158 5 bytes JMP 0000000173fa3e71 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075343918 5 bytes JMP 0000000173fa5851 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075343cd3 5 bytes JMP 0000000173fa57c1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!socket 0000000075343eb8 5 bytes JMP 0000000173fa6151 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075344406 5 bytes JMP 0000000173fa20a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075344889 5 bytes JMP 0000000173fa5191 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!recv 0000000075346b0e 5 bytes JMP 0000000173fa6301 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!connect 0000000075346bdd 1 byte JMP 0000000173fa3de1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000075346bdf 3 bytes {CALL RCX} .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!send 0000000075346f01 5 bytes JMP 0000000173fa2011 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075347089 5 bytes JMP 0000000173fa6391 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007534cc3f 5 bytes JMP 0000000173fa6271 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075357673 5 bytes JMP 0000000173fa5221 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076100171 5 bytes JMP 0000000173fa4891 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 0000000075aa8fb0 5 bytes JMP 0000000173fa3d51 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000075b06ade 5 bytes JMP 0000000173fa2131 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000075b06cb8 5 bytes JMP 0000000173fa29a1 .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000074d51465 2 bytes [D5, 74] .text C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[5644] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000074d514bb 2 bytes [D5, 74] .text ... * 2 .text C:\Users\RK\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d51465 2 bytes [D5, 74] .text C:\Users\RK\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d514bb 2 bytes [D5, 74] .text ... * 2 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d51465 2 bytes [D5, 74] .text C:\Program Files (x86)\KatMouse\KatMouse.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d514bb 2 bytes [D5, 74] .text ... * 2 .text C:\Program Files\ASUS\P4G\BatteryLife.exe[5264] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files\ASUS\P4G\BatteryLife.exe[5264] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files\ASUS\P4G\BatteryLife.exe[5264] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files\ASUS\P4G\BatteryLife.exe[5264] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files\ASUS\P4G\BatteryLife.exe[5264] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files\ASUS\P4G\BatteryLife.exe[5264] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files\ASUS\P4G\BatteryLife.exe[5264] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files\ASUS\P4G\BatteryLife.exe[5264] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5300] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5484] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5584] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007540a472 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000754127ce 5 bytes JMP 0000000173fa1b91 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007541e6cf 5 bytes JMP 0000000173fa1b01 .text C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe[1360] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076100171 5 bytes JMP 0000000173fa4891 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa64b1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa6421 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076100171 5 bytes JMP 0000000173fa4891 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!closesocket 0000000075343918 5 bytes JMP 0000000173fa5851 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!WSASocketW 0000000075343cd3 5 bytes JMP 0000000173fa57c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!socket 0000000075343eb8 5 bytes JMP 0000000173fa60c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!WSASend 0000000075344406 5 bytes JMP 0000000173fa20a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!GetAddrInfoW 0000000075344889 5 bytes JMP 0000000173fa5191 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!recv 0000000075346b0e 5 bytes JMP 0000000173fa6271 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!connect 0000000075346bdd 1 byte JMP 0000000173fa3de1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!connect + 2 0000000075346bdf 3 bytes {CALL RCX} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!send 0000000075346f01 5 bytes JMP 0000000173fa2011 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!WSARecv 0000000075347089 5 bytes JMP 0000000173fa6301 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!WSAConnect 000000007534cc3f 5 bytes JMP 0000000173fa61e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[6092] C:\Windows\syswow64\ws2_32.DLL!gethostbyname 0000000075357673 5 bytes JMP 0000000173fa5221 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007604ca4c 5 bytes JMP 0000000173fa38d1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076052bf0 5 bytes JMP 0000000173fa3841 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007605369c 5 bytes JMP 0000000173fa3cc1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000760549e5 5 bytes JMP 0000000173fa6811 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007606712c 5 bytes JMP 0000000173fa3f01 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076067144 5 bytes JMP 0000000173fa3a81 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007606715c 5 bytes JMP 0000000173fa3b11 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000760830e8 5 bytes JMP 0000000173fa3ba1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000760830f8 5 bytes JMP 0000000173fa3c31 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076083108 5 bytes JMP 0000000173fa3961 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076083118 5 bytes JMP 0000000173fa39f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5512] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076083158 5 bytes JMP 0000000173fa3e71 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa6661 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa65d1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa66f1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa6541 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6781 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6391 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5572] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5988] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, 39, EE, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, B9, F1, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, F9, EF, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076fa2be0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076fa2be8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd27642d 11 bytes [B8, F9, 55, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd276484 12 bytes [48, B8, B9, 50, 9D, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd276519 11 bytes [B8, F9, 5C, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd276c34 12 bytes [48, B8, F9, 4E, 9D, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd277ab5 11 bytes [B8, B9, 57, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd278b01 11 bytes [B8, 79, 52, 9D, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[5684] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd278c39 11 bytes [B8, 39, 54, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6028] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, B9, E3, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, 79, E5, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[5776] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076f892a1 5 bytes [B8, F9, 63, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076f892a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076fa1390 6 bytes [48, B8, 39, E7, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076fa1398 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076fa1400 6 bytes [48, B8, 79, D0, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076fa1408 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fa14d0 6 bytes [48, B8, 39, BD, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076fa14d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076fa1570 6 bytes [48, B8, F9, 32, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076fa1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076fa1590 6 bytes [48, B8, 39, 1C, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076fa1598 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076fa15b0 6 bytes [48, B8, F9, 1D, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076fa15b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076fa15d0 6 bytes [48, B8, 79, BB, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076fa15d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076fa1680 6 bytes [48, B8, B9, E3, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076fa1688 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fa16b0 6 bytes [48, B8, 79, 2F, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076fa16b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076fa16d0 6 bytes [48, B8, 79, 36, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076fa16d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076fa1760 6 bytes [48, B8, B9, 34, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076fa1768 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076fa17b0 6 bytes [48, B8, F9, E8, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076fa17b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fa17e0 6 bytes [48, B8, 39, 2A, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076fa17e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076fa17f0 6 bytes [48, B8, B9, 26, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076fa17f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076fa1860 6 bytes [48, B8, 79, E5, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076fa1868 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076fa1910 6 bytes [48, B8, 79, EC, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076fa1918 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076fa1ce0 6 bytes [48, B8, F9, E1, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076fa1ce8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fa1d30 6 bytes [48, B8, 79, 28, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076fa1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076fa1d90 6 bytes [48, B8, F9, 24, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076fa1d98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076fa2100 6 bytes [48, B8, 39, D2, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076fa2108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076fa2640 6 bytes [48, B8, 39, 7E, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076fa2648 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076fa2840 6 bytes [48, B8, 39, 31, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076fa2848 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076fa2a00 6 bytes [48, B8, F9, D3, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076fa2a08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076fa2b00 6 bytes [48, B8, B9, EA, 9D, 75] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076fa2b08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 00000000770131f1 11 bytes [B8, F9, 7F, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076e320f1 11 bytes [B8, B9, CE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076e321e0 12 bytes [48, B8, F9, 39, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076e4e750 12 bytes [48, B8, B9, 2D, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076e51e31 11 bytes [B8, 39, E0, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076e85011 11 bytes [B8, 79, 75, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076e85031 11 bytes [B8, F9, 71, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076e9a560 12 bytes [48, B8, 79, 7C, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076e9a670 12 bytes [48, B8, F9, 78, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd101861 11 bytes [B8, 39, 4D, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd1030f1 11 bytes [B8, 39, C4, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd108b80 12 bytes [48, B8, 79, 4B, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd109940 12 bytes [48, B8, B9, C0, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd109fb1 11 bytes [B8, 79, C2, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd10bbb1 11 bytes [B8, F9, BE, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd1129c1 11 bytes [B8, B9, 49, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd134320 12 bytes [48, B8, 79, 3D, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd142841 8 bytes [B8, 39, 23, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd14284a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd142881 11 bytes [B8, B9, 3B, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdeb13b1 11 bytes [B8, B9, B9, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdeb18e0 12 bytes [48, B8, F9, B7, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdeb1bd1 11 bytes [B8, 39, B6, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdeb2201 11 bytes [B8, B9, DC, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdeb23c0 12 bytes [48, B8, 39, A1, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!connect 000007fefdeb45c0 12 bytes [48, B8, 39, 62, 9D, 75, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdeb8001 11 bytes [B8, 79, B4, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdeb8df0 7 bytes [48, B8, F9, A2, 9D, 75, 00] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdeb8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdebde91 11 bytes [B8, B9, D5, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdebdf41 11 bytes [B8, F9, DA, 9D, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[6452] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdede0f1 11 bytes [B8, 39, D9, 9D, 75, 00, 00, ...] .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007714f8d0 5 bytes JMP 0000000173fa60c1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007714f908 5 bytes JMP 0000000173fa66f1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007714f9c0 5 bytes JMP 0000000173fa5f11 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007714fb08 5 bytes JMP 0000000173fa5971 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007714fc00 5 bytes JMP 0000000173fa3061 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc30 5 bytes JMP 0000000173fa15f1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007714fc60 5 bytes JMP 0000000173fa1681 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007714fc90 5 bytes JMP 0000000173fa58e1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007714fda8 5 bytes JMP 0000000173fa6661 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fdf4 5 bytes JMP 0000000173fa2f41 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007714fe24 5 bytes JMP 0000000173fa3181 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007714ff04 5 bytes JMP 0000000173fa30f1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007714ff84 5 bytes JMP 0000000173fa6781 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007714ffcc 5 bytes JMP 0000000173fa2d91 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007714ffe4 5 bytes JMP 0000000173fa2c71 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077150094 5 bytes JMP 0000000173fa1e61 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000771501a4 5 bytes JMP 0000000173fa2251 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007715077c 5 bytes JMP 0000000173fa65d1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000771507f4 5 bytes JMP 0000000173fa2d01 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077150884 5 bytes JMP 0000000173fa2be1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077150dd4 5 bytes JMP 0000000173fa5fa1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000771515e4 5 bytes JMP 0000000173fa4651 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077151900 5 bytes JMP 0000000173fa2fd1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077151bc4 5 bytes JMP 0000000173fa6031 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077151d6c 5 bytes JMP 0000000173fa6811 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077151ec8 5 bytes JMP 0000000173fa6421 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000771688a4 5 bytes JMP 0000000173fa1a71 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077190cfb 5 bytes JMP 0000000173fa1f81 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000771d857f 5 bytes JMP 0000000173fa46e1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000771de81b 5 bytes JMP 0000000173fa1ef1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075550e00 5 bytes JMP 0000000173fa1d41 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075551072 5 bytes JMP 0000000173fa2911 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755549bf 5 bytes JMP 0000000173fa2521 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075563bdb 5 bytes JMP 0000000173fa2eb1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075577347 5 bytes JMP 0000000173fa2641 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075578954 5 bytes JMP 0000000173fa5e81 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!WinExec 00000000755d2c91 5 bytes JMP 0000000173fa27f1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000755f6f6b 5 bytes JMP 0000000173fa4261 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000755f6f8e 5 bytes JMP 0000000173fa4381 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000755f7339 5 bytes JMP 0000000173fa44a1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000755f73b2 5 bytes JMP 0000000173fa45c1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075bb8f7d 5 bytes JMP 0000000173fa19e1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075bbc428 5 bytes JMP 0000000173fa37b1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075bbec98 5 bytes JMP 0000000173fa32a1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075bbf1f8 5 bytes JMP 0000000173fa22e1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075bbfa7b 5 bytes JMP 0000000173fa1dd1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075bc134a 5 bytes JMP 0000000173fa3721 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075bc1371 5 bytes JMP 0000000173fa3691 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075bc1d1b 5 bytes JMP 0000000173fa1951 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075bc1e07 5 bytes JMP 0000000173fa2401 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075bc2aa4 5 bytes JMP 0000000173fa5a91 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075bc2ccc 5 bytes JMP 0000000173fa5a01 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075bc2d0a 5 bytes JMP 0000000173fa5b21 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075bc2e6d 5 bytes JMP 0000000173fa18c1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075bc3b63 5 bytes JMP 0000000173fa21c1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075bc4489 5 bytes JMP 0000000173fa2371 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075bc45fb 5 bytes JMP 0000000173fa3211 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075bc4624 5 bytes JMP 0000000173fa2b51 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075bcc72c 5 bytes JMP 0000000173fa26d1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007604ca4c 5 bytes JMP 0000000173fa38d1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076052bf0 5 bytes JMP 0000000173fa3841 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007605369c 5 bytes JMP 0000000173fa3cc1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000760549e5 5 bytes JMP 0000000173fa68a1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007606712c 5 bytes JMP 0000000173fa3f01 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076067144 5 bytes JMP 0000000173fa3a81 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007606715c 5 bytes JMP 0000000173fa3b11 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000760830e8 5 bytes JMP 0000000173fa3ba1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000760830f8 5 bytes JMP 0000000173fa3c31 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076083108 5 bytes JMP 0000000173fa3961 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076083118 5 bytes JMP 0000000173fa39f1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076083158 5 bytes JMP 0000000173fa3e71 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007540a472 5 bytes JMP 0000000173fa6931 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000754127ce 5 bytes JMP 0000000173fa1b91 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007541e6cf 5 bytes JMP 0000000173fa1b01 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000758b78e2 5 bytes JMP 0000000173fa4021 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000758b7bd3 5 bytes JMP 0000000173fa3f91 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758b8a29 5 bytes JMP 0000000173fa52b1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000758b98fd 5 bytes JMP 0000000173fa5cd1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000758bb6ed 5 bytes JMP 0000000173fa69c1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000758bd22e 5 bytes JMP 0000000173fa5341 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000758bffe6 5 bytes JMP 0000000173fa5bb1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000758c00d9 5 bytes JMP 0000000173fa5c41 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758c05ba 5 bytes JMP 0000000173fa4141 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000758c0dfb 5 bytes JMP 0000000173fa53d1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758c12a5 5 bytes JMP 0000000173fa6541 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000758c20ec 5 bytes JMP 0000000173fa5731 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758c3baa 5 bytes JMP 0000000173fa64b1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000758c5f74 5 bytes JMP 0000000173fa40b1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000758c6285 5 bytes JMP 0000000173fa4771 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758c7603 5 bytes JMP 0000000173fa2ac1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000758c7aee 5 bytes JMP 0000000173fa56a1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758c835c 5 bytes JMP 0000000173fa2a31 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000758dce54 5 bytes JMP 0000000173fa54f1 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000758df52b 5 bytes JMP 0000000173fa4801 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000758df588 5 bytes JMP 0000000173fa5d61 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000758e10a0 5 bytes JMP 0000000173fa5461 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007590fcd6 5 bytes JMP 0000000173fa5581 .text D:\Downloads\FDM\pedmbxm7.exe[5768] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007590fcfa 5 bytes JMP 0000000173fa5611 ---- Threads - GMER 2.1 ---- Thread C:\Windows\Explorer.EXE [4968:2076] 000000001f2bc6a0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008ca3cc7cb Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@98f537734f84 0xDB 0xB2 0x68 0xCC ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@0021fc344d65 0x23 0xB7 0xAA 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@001979daa4a7 0xAC 0x23 0x3E 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@6cf373bd1beb 0xDB 0xA4 0xBC 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 52799 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 40216 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008ca3cc7cb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@98f537734f84 0xDB 0xB2 0x68 0xCC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@0021fc344d65 0x23 0xB7 0xAA 0x76 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@001979daa4a7 0xAC 0x23 0x3E 0xA4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0008ca3cc7cb@6cf373bd1beb 0xDB 0xA4 0xBC 0x2D ... ---- EOF - GMER 2.1 ----