GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-20 18:33:31 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 SAMSUNG_ rev.1AC0 232,89GB Running: sdgwxpdu.exe; Driver: C:\Users\OEM\AppData\Local\Temp\uxriqpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800031f2000 45 bytes [43, 4D, 35, 33, 01, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff800031f202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, F9, E8, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, B9, EA, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe0013b1 11 bytes [B8, F9, BE, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe0018e0 12 bytes [48, B8, 39, BD, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe001bd1 11 bytes [B8, 79, BB, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe002201 11 bytes [B8, F9, E1, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe0023c0 12 bytes [48, B8, 79, A6, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!connect 000007fefe0045c0 12 bytes [48, B8, 79, 67, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe008001 11 bytes [B8, B9, B9, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe008df0 7 bytes [48, B8, 39, A8, 1F, 75, 00] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe008df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe00de91 11 bytes [B8, F9, DA, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe00df41 11 bytes [B8, 39, E0, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[548] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe02e0f1 11 bytes [B8, 79, DE, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, F9, E8, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, B9, EA, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 39, 5B, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, F9, 55, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 39, 62, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, F9, 5C, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, B9, 57, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[480] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, 79, 59, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, F9, E8, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, B9, EA, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 39, 5B, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, F9, 55, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 39, 62, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, F9, 5C, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, B9, 57, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, 79, 59, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, F9, E8, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, B9, EA, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 39, 5B, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, F9, 55, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 39, 62, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, F9, 5C, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, B9, 57, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, 79, 59, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe0013b1 11 bytes [B8, F9, BE, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe0018e0 12 bytes [48, B8, 39, BD, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe001bd1 11 bytes [B8, 79, BB, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe002201 11 bytes [B8, F9, E1, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe0023c0 12 bytes [48, B8, 79, A6, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!connect 000007fefe0045c0 12 bytes [48, B8, 79, 67, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe008001 11 bytes [B8, B9, B9, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe008df0 7 bytes [48, B8, 39, A8, 1F, 75, 00] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe008df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe00de91 11 bytes [B8, F9, DA, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe00df41 11 bytes [B8, 39, E0, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe02e0f1 11 bytes [B8, 79, DE, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, F9, E8, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, B9, EA, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, F9, E8, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, B9, EA, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 39, 5B, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, F9, 55, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 39, 62, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, F9, 5C, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, B9, 57, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, 79, 59, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe0013b1 11 bytes [B8, F9, BE, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe0018e0 12 bytes [48, B8, 39, BD, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe001bd1 11 bytes [B8, 79, BB, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe002201 11 bytes [B8, F9, E1, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe0023c0 12 bytes [48, B8, 79, A6, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!connect 000007fefe0045c0 12 bytes [48, B8, 79, 67, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe008001 11 bytes [B8, B9, B9, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe008df0 7 bytes [48, B8, 39, A8, 1F, 75, 00] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe008df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe00de91 11 bytes [B8, F9, DA, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe00df41 11 bytes [B8, 39, E0, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe02e0f1 11 bytes [B8, 79, DE, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, 39, F5, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1524] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, 39, F5, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 39, 5B, 1F, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, F9, 55, 1F, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 39, 62, 1F, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, F9, 5C, 1F, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, B9, 57, 1F, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1588] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, 79, 59, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, F9, E8, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, B9, EA, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 39, 5B, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, F9, 55, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 39, 62, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, F9, 5C, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, B9, 57, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, 79, 59, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, F9, E8, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, B9, EA, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe0013b1 11 bytes [B8, F9, BE, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe0018e0 12 bytes [48, B8, 39, BD, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe001bd1 11 bytes [B8, 79, BB, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe002201 11 bytes [B8, F9, E1, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe0023c0 12 bytes [48, B8, 79, A6, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!connect 000007fefe0045c0 12 bytes [48, B8, 79, 67, 1F, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe008001 11 bytes [B8, B9, B9, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe008df0 7 bytes [48, B8, 39, A8, 1F, 75, 00] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe008df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe00de91 11 bytes [B8, F9, DA, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe00df41 11 bytes [B8, 39, E0, 1F, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe02e0f1 11 bytes [B8, 79, DE, 1F, 75, 00, 00, ...] .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755f0e00 5 bytes JMP 0000000172a51da9 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755f1072 5 bytes JMP 0000000172a52a21 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755f49bf 5 bytes JMP 0000000172a525f9 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bdb 5 bytes JMP 0000000172a53011 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075617347 5 bytes JMP 0000000172a52729 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075618954 5 bytes JMP 0000000172a56451 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075672c91 5 bytes JMP 0000000172a528f1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075696f6b 5 bytes JMP 0000000172a546a1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075696f8e 5 bytes JMP 0000000172a547d1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075697339 5 bytes JMP 0000000172a54901 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756973b2 5 bytes JMP 0000000172a54a31 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000746b78e2 5 bytes JMP 0000000172a54441 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000746b7bd3 5 bytes JMP 0000000172a543a9 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000746b8a29 5 bytes JMP 0000000172a557d9 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000746b98fd 5 bytes JMP 0000000172a56289 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000746bb6ed 5 bytes JMP 0000000172a56e69 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000746bd22e 5 bytes JMP 0000000172a55871 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000746bee09 5 bytes JMP 0000000172a534d1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000746bffe6 5 bytes JMP 0000000172a56159 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000746c00d9 5 bytes JMP 0000000172a561f1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000746c05ba 5 bytes JMP 0000000172a54571 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000746c0dfb 5 bytes JMP 0000000172a55909 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000746c12a5 5 bytes JMP 0000000172a56ad9 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000746c20ec 5 bytes JMP 0000000172a55c99 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000746c3baa 5 bytes JMP 0000000172a56a41 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000746c5f74 5 bytes JMP 0000000172a544d9 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000746c6285 5 bytes JMP 0000000172a54bf9 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000746c7603 5 bytes JMP 0000000172a52be9 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000746c7aee 5 bytes JMP 0000000172a55c01 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000746c835c 5 bytes JMP 0000000172a52b51 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000746dce54 5 bytes JMP 0000000172a55a39 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000746df52b 5 bytes JMP 0000000172a54c91 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000746df588 5 bytes JMP 0000000172a56321 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000746e10a0 5 bytes JMP 0000000172a559a1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007470fcd6 5 bytes JMP 0000000172a55ad1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007470fcfa 5 bytes JMP 0000000172a55b69 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 00000000748c0171 5 bytes JMP 0000000172a54d29 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074863918 5 bytes JMP 0000000172a55dc9 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000074863cd3 5 bytes JMP 0000000172a55d31 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!socket 0000000074863eb8 5 bytes JMP 0000000172a566b1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074864406 5 bytes JMP 0000000172a52139 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000074864889 5 bytes JMP 0000000172a556a9 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!recv 0000000074866b0e 5 bytes JMP 0000000172a56879 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!connect 0000000074866bdd 1 byte JMP 0000000172a541e1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000074866bdf 3 bytes {CALL RBP} .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!send 0000000074866f01 5 bytes JMP 0000000172a520a1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000074867089 5 bytes JMP 0000000172a56911 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007486cc3f 5 bytes JMP 0000000172a567e1 .text K:\Programy\Malwarebytes Anti-Malware\mbam.exe[2664] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074877673 5 bytes JMP 0000000172a55741 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000076edf928 5 bytes JMP 0000000172a56ca1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076edf9e0 5 bytes JMP 0000000172a564e9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076edfb28 5 bytes JMP 0000000172a55ef9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000076edfc20 5 bytes JMP 0000000172a531d9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000076edfc50 5 bytes JMP 0000000172a515f1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000076edfc80 5 bytes JMP 0000000172a51689 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076edfcb0 5 bytes JMP 0000000172a55e61 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076edfdc8 5 bytes JMP 0000000172a56c09 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076edfe14 5 bytes JMP 0000000172a530a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000076edfe44 5 bytes JMP 0000000172a53309 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000076edff24 5 bytes JMP 0000000172a53271 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076edffa4 5 bytes JMP 0000000172a56d39 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000076edffec 5 bytes JMP 0000000172a52ee1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ee0004 5 bytes JMP 0000000172a52db1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ee00b4 5 bytes JMP 0000000172a51ed9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000076ee01c4 5 bytes JMP 0000000172a52301 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ee079c 5 bytes JMP 0000000172a56b71 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000076ee0814 5 bytes JMP 0000000172a52e49 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ee08a4 5 bytes JMP 0000000172a52d19 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ee0df4 5 bytes JMP 0000000172a56581 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000076ee1604 5 bytes JMP 0000000172a54ac9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076ee1920 5 bytes JMP 0000000172a53141 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ee1be4 5 bytes JMP 0000000172a56619 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000076ee1d54 5 bytes JMP 0000000172a53439 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076ee1d70 5 bytes JMP 0000000172a533a1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ee1d8c 5 bytes JMP 0000000172a56dd1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000076ee1ee8 5 bytes JMP 0000000172a569a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000076ef88c4 5 bytes JMP 0000000172a51ab1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000076f20d3b 5 bytes JMP 0000000172a52009 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000076f6860f 5 bytes JMP 0000000172a54b61 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000076f6e8ab 5 bytes JMP 0000000172a51f71 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755f0e00 5 bytes JMP 0000000172a51da9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755f1072 5 bytes JMP 0000000172a52a21 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755f49bf 5 bytes JMP 0000000172a525f9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bdb 5 bytes JMP 0000000172a53011 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075617347 5 bytes JMP 0000000172a52729 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075618954 5 bytes JMP 0000000172a56451 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075672c91 5 bytes JMP 0000000172a528f1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075696f6b 5 bytes JMP 0000000172a546a1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075696f8e 5 bytes JMP 0000000172a547d1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075697339 5 bytes JMP 0000000172a54901 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756973b2 5 bytes JMP 0000000172a54a31 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076308f7d 5 bytes JMP 0000000172a51a19 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007630c428 5 bytes JMP 0000000172a53b59 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007630ec98 5 bytes JMP 0000000172a53601 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007630f1f8 5 bytes JMP 0000000172a52399 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007630fa7b 5 bytes JMP 0000000172a51e41 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007631134a 5 bytes JMP 0000000172a53ac1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000076311371 5 bytes JMP 0000000172a53a29 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076311d1b 5 bytes JMP 0000000172a51981 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076311e07 5 bytes JMP 0000000172a524c9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076312aa4 5 bytes JMP 0000000172a56029 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076312ccc 5 bytes JMP 0000000172a55f91 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076312d0a 5 bytes JMP 0000000172a560c1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076312e6d 5 bytes JMP 0000000172a518e9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076313b63 5 bytes JMP 0000000172a52269 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000076314489 5 bytes JMP 0000000172a52431 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000763145fb 5 bytes JMP 0000000172a53569 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076314624 5 bytes JMP 0000000172a52c81 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007631c72c 5 bytes JMP 0000000172a527c1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075ada472 5 bytes JMP 0000000172a56e69 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ae27ce 5 bytes JMP 0000000172a51be1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075aee6cf 5 bytes JMP 0000000172a51b49 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074863918 5 bytes JMP 0000000172a55dc9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000074863cd3 5 bytes JMP 0000000172a55d31 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!socket 0000000074863eb8 5 bytes JMP 0000000172a566b1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074864406 5 bytes JMP 0000000172a52139 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000074864889 5 bytes JMP 0000000172a556a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!recv 0000000074866b0e 5 bytes JMP 0000000172a56879 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!connect 0000000074866bdd 1 byte JMP 0000000172a541e1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000074866bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!send 0000000074866f01 5 bytes JMP 0000000172a520a1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000074867089 5 bytes JMP 0000000172a56911 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007486cc3f 5 bytes JMP 0000000172a567e1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074877673 5 bytes JMP 0000000172a55741 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000746b78e2 5 bytes JMP 0000000172a54441 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000746b7bd3 5 bytes JMP 0000000172a543a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000746b8a29 5 bytes JMP 0000000172a557d9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000746b98fd 5 bytes JMP 0000000172a56289 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000746bb6ed 5 bytes JMP 0000000172a56f99 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000746bd22e 5 bytes JMP 0000000172a55871 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000746bee09 5 bytes JMP 0000000172a534d1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000746bffe6 5 bytes JMP 0000000172a56159 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000746c00d9 5 bytes JMP 0000000172a561f1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000746c05ba 5 bytes JMP 0000000172a54571 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000746c0dfb 5 bytes JMP 0000000172a55909 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000746c12a5 5 bytes JMP 0000000172a56ad9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000746c20ec 5 bytes JMP 0000000172a55c99 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000746c3baa 5 bytes JMP 0000000172a56a41 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000746c5f74 5 bytes JMP 0000000172a544d9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000746c6285 5 bytes JMP 0000000172a54bf9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000746c7603 5 bytes JMP 0000000172a52be9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000746c7aee 5 bytes JMP 0000000172a55c01 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000746c835c 5 bytes JMP 0000000172a52b51 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000746dce54 5 bytes JMP 0000000172a55a39 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000746df52b 5 bytes JMP 0000000172a54c91 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000746df588 5 bytes JMP 0000000172a56321 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000746e10a0 5 bytes JMP 0000000172a559a1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007470fcd6 5 bytes JMP 0000000172a55ad1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007470fcfa 5 bytes JMP 0000000172a55b69 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075d2ca4c 5 bytes JMP 0000000172a53c89 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075d32bf0 5 bytes JMP 0000000172a53bf1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075d3369c 5 bytes JMP 0000000172a540b1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075d349e5 5 bytes JMP 0000000172a57031 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075d4712c 5 bytes JMP 0000000172a54311 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000075d47144 5 bytes JMP 0000000172a53e51 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075d4715c 5 bytes JMP 0000000172a53ee9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075d630e8 5 bytes JMP 0000000172a53f81 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075d630f8 5 bytes JMP 0000000172a54019 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075d63108 5 bytes JMP 0000000172a53d21 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075d63118 5 bytes JMP 0000000172a53db9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2680] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075d63158 5 bytes JMP 0000000172a54279 .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, 39, F5, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, 39, F5, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 39, 5B, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, F9, 55, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 39, 62, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, F9, 5C, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, B9, 57, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, 79, 59, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe0013b1 11 bytes [B8, F9, BE, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe0018e0 12 bytes [48, B8, 39, BD, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe001bd1 11 bytes [B8, 79, BB, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe002201 11 bytes [B8, F9, E1, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe0023c0 12 bytes [48, B8, 79, A6, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!connect 000007fefe0045c0 12 bytes [48, B8, 79, 67, 1F, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe008001 11 bytes [B8, B9, B9, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe008df0 7 bytes [48, B8, 39, A8, 1F, 75, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe008df9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe00de91 11 bytes [B8, F9, DA, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe00df41 11 bytes [B8, 39, E0, 1F, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1124] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe02e0f1 11 bytes [B8, 79, DE, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefe0013b1 11 bytes [B8, F9, BE, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe0018e0 12 bytes [48, B8, 39, BD, 1F, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefe001bd1 11 bytes [B8, 79, BB, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefe002201 11 bytes [B8, F9, E1, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefe0023c0 12 bytes [48, B8, 79, A6, 1F, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!connect 000007fefe0045c0 12 bytes [48, B8, 79, 67, 1F, 75, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!send + 1 000007fefe008001 11 bytes [B8, B9, B9, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe008df0 7 bytes [48, B8, 39, A8, 1F, 75, 00] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefe008df9 3 bytes [00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefe00de91 11 bytes [B8, F9, DA, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefe00df41 11 bytes [B8, 39, E0, 1F, 75, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4948] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefe02e0f1 11 bytes [B8, 79, DE, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, F9, E8, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, B9, EA, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, F9, 55, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, F9, 5C, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, 39, 5B, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, 70, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, F9, 71, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, 79, 75, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, 6E, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, B9, 5E, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 79, 60, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, B9, 73, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, B9, 65, 1F, 75] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, F9, 63, 1F, 75, 00, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\explorer.exe[676] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 79, 4B, 1F, 75, 00, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, 39, 46, 1F, 75, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 79, 44, 1F, 75, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, 39, 4D, 1F, 75, 00, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, F9, 47, 1F, 75, 00, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, B9, 49, 1F, 75, 00, 00, ...] .text C:\Windows\explorer.exe[676] C:\Windows\system32\WS2_32.dll!connect 000007fefe0045c0 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 39, 54, 1F, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, 79, 52, 1F, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, B9, 1F, 1F, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, F9, C5, 1F, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, B9, 50, 1F, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, 79, 44, 1F, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, F9, 24, 1F, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[3848] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, B9, 42, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, 39, F5, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 39, 5B, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, F9, 55, 1F, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 39, 62, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, F9, 5C, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, B9, 57, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, 79, 59, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, 39, F5, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 39, 5B, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, F9, 55, 1F, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 39, 62, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, F9, 5C, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, B9, 57, 1F, 75, 00, 00, ...] .text C:\Windows\system32\taskeng.exe[4592] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, 79, 59, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, EC, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, 39, F5, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, 39, E7, 1F, 75] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000769b20f1 11 bytes [B8, F9, D3, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000769b21e0 12 bytes [48, B8, F9, 39, 1F, 75, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000769ce750 12 bytes [48, B8, B9, 2D, 1F, 75, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000769d1e31 11 bytes [B8, 79, E5, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076a05011 11 bytes [B8, B9, 7A, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076a05031 11 bytes [B8, 39, 77, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076a1a560 12 bytes [48, B8, B9, 81, 1F, 75, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076a1a670 12 bytes [48, B8, 39, 7E, 1F, 75, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd251861 11 bytes [B8, 79, 52, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd2530f1 11 bytes [B8, 79, C9, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd258b80 12 bytes [48, B8, B9, 50, 1F, 75, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd259940 12 bytes [48, B8, F9, C5, 1F, 75, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd259fb1 11 bytes [B8, B9, C7, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd25bbb1 11 bytes [B8, 39, C4, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd2629c1 11 bytes [B8, F9, 4E, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd284320 12 bytes [48, B8, B9, 42, 1F, 75, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd292841 8 bytes [B8, 39, 23, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd29284a 2 bytes [50, C3] .text C:\Windows\notepad.exe[6072] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd292881 11 bytes [B8, F9, 40, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd7f642d 11 bytes [B8, 39, 5B, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd7f6484 12 bytes [48, B8, F9, 55, 1F, 75, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd7f6519 11 bytes [B8, 39, 62, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd7f6c34 12 bytes [48, B8, 39, 54, 1F, 75, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd7f7ab5 11 bytes [B8, F9, 5C, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd7f8b01 11 bytes [B8, B9, 57, 1F, 75, 00, 00, ...] .text C:\Windows\notepad.exe[6072] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd7f8c39 11 bytes [B8, 79, 59, 1F, 75, 00, 00, ...] .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 0000000076edf8f0 5 bytes JMP 0000000172a566b1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000076edf928 5 bytes JMP 0000000172a56d39 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076edf9e0 5 bytes JMP 0000000172a564e9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076edfb28 5 bytes JMP 0000000172a55ef9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000076edfc20 5 bytes JMP 0000000172a531d9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000076edfc50 5 bytes JMP 0000000172a515f1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000076edfc80 5 bytes JMP 0000000172a51689 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076edfcb0 5 bytes JMP 0000000172a55e61 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076edfdc8 5 bytes JMP 0000000172a56ca1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076edfe14 5 bytes JMP 0000000172a530a9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000076edfe44 5 bytes JMP 0000000172a53309 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000076edff24 5 bytes JMP 0000000172a53271 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076edffa4 5 bytes JMP 0000000172a56dd1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000076edffec 5 bytes JMP 0000000172a52ee1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ee0004 5 bytes JMP 0000000172a52db1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ee00b4 5 bytes JMP 0000000172a51ed9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000076ee01c4 5 bytes JMP 0000000172a52301 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ee079c 5 bytes JMP 0000000172a56c09 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000076ee0814 5 bytes JMP 0000000172a52e49 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ee08a4 5 bytes JMP 0000000172a52d19 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ee0df4 5 bytes JMP 0000000172a56581 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000076ee1604 5 bytes JMP 0000000172a54ac9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076ee1920 5 bytes JMP 0000000172a53141 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ee1be4 5 bytes JMP 0000000172a56619 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000076ee1d54 5 bytes JMP 0000000172a53439 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076ee1d70 5 bytes JMP 0000000172a533a1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ee1d8c 5 bytes JMP 0000000172a56e69 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000076ee1ee8 5 bytes JMP 0000000172a56a41 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000076ef88c4 5 bytes JMP 0000000172a51ab1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000076f20d3b 5 bytes JMP 0000000172a52009 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000076f6860f 5 bytes JMP 0000000172a54b61 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000076f6e8ab 5 bytes JMP 0000000172a51f71 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755f0e00 5 bytes JMP 0000000172a51da9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755f1072 5 bytes JMP 0000000172a52a21 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755f49bf 5 bytes JMP 0000000172a525f9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bdb 5 bytes JMP 0000000172a53011 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075617347 5 bytes JMP 0000000172a52729 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075618954 5 bytes JMP 0000000172a56451 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075672c91 5 bytes JMP 0000000172a528f1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075696f6b 5 bytes JMP 0000000172a546a1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075696f8e 5 bytes JMP 0000000172a547d1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075697339 5 bytes JMP 0000000172a54901 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756973b2 5 bytes JMP 0000000172a54a31 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076308f7d 5 bytes JMP 0000000172a51a19 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007630c428 5 bytes JMP 0000000172a53b59 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007630ec98 5 bytes JMP 0000000172a53601 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007630f1f8 5 bytes JMP 0000000172a52399 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007630fa7b 5 bytes JMP 0000000172a51e41 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 000000007631134a 5 bytes JMP 0000000172a53ac1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000076311371 5 bytes JMP 0000000172a53a29 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076311d1b 5 bytes JMP 0000000172a51981 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076311e07 5 bytes JMP 0000000172a524c9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076312aa4 5 bytes JMP 0000000172a56029 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076312ccc 5 bytes JMP 0000000172a55f91 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076312d0a 5 bytes JMP 0000000172a560c1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076312e6d 5 bytes JMP 0000000172a518e9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076313b63 5 bytes JMP 0000000172a52269 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000076314489 5 bytes JMP 0000000172a52431 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000763145fb 5 bytes JMP 0000000172a53569 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076314624 5 bytes JMP 0000000172a52c81 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007631c72c 5 bytes JMP 0000000172a527c1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075d2ca4c 5 bytes JMP 0000000172a53c89 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075d32bf0 5 bytes JMP 0000000172a53bf1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075d3369c 5 bytes JMP 0000000172a540b1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075d349e5 5 bytes JMP 0000000172a56f01 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075d4712c 5 bytes JMP 0000000172a54311 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000075d47144 5 bytes JMP 0000000172a53e51 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075d4715c 5 bytes JMP 0000000172a53ee9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075d630e8 5 bytes JMP 0000000172a53f81 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075d630f8 5 bytes JMP 0000000172a54019 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075d63108 5 bytes JMP 0000000172a53d21 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075d63118 5 bytes JMP 0000000172a53db9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075d63158 5 bytes JMP 0000000172a54279 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075ada472 5 bytes JMP 0000000172a56f99 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ae27ce 5 bytes JMP 0000000172a51be1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075aee6cf 5 bytes JMP 0000000172a51b49 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000746b78e2 5 bytes JMP 0000000172a54441 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000746b7bd3 5 bytes JMP 0000000172a543a9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000746b8a29 5 bytes JMP 0000000172a557d9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000746b98fd 5 bytes JMP 0000000172a56289 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000746bb6ed 5 bytes JMP 0000000172a57031 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000746bd22e 5 bytes JMP 0000000172a55871 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000746bee09 5 bytes JMP 0000000172a534d1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000746bffe6 5 bytes JMP 0000000172a56159 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000746c00d9 5 bytes JMP 0000000172a561f1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000746c05ba 5 bytes JMP 0000000172a54571 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000746c0dfb 5 bytes JMP 0000000172a55909 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000746c12a5 5 bytes JMP 0000000172a56b71 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000746c20ec 5 bytes JMP 0000000172a55c99 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000746c3baa 5 bytes JMP 0000000172a56ad9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000746c5f74 5 bytes JMP 0000000172a544d9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000746c6285 5 bytes JMP 0000000172a54bf9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000746c7603 5 bytes JMP 0000000172a52be9 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000746c7aee 5 bytes JMP 0000000172a55c01 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000746c835c 5 bytes JMP 0000000172a52b51 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000746dce54 5 bytes JMP 0000000172a55a39 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000746df52b 5 bytes JMP 0000000172a54c91 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000746df588 5 bytes JMP 0000000172a56321 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000746e10a0 5 bytes JMP 0000000172a559a1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007470fcd6 5 bytes JMP 0000000172a55ad1 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007470fcfa 5 bytes JMP 0000000172a55b69 .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000756f1465 2 bytes [6F, 75] .text C:\Users\OEM\Desktop\Skany\Programy do skanowania\GMER\sdgwxpdu.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756f14bb 2 bytes [6F, 75] .text ... * 2 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [1216] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2012-12-22 12:19:58) 0000000100000000 Process C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2224] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2012-12-22 12:19:58) 0000000100000000 Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\explorer.exe [676] (GG drive overlay/GG Network S.A.)(2013-01-23 13:08:43) 000000005c080000 Library C:\Users\OEM\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\explorer.exe [676] (GG drive menu/GG Network S.A.)(2013-01-2 000000005ff80000 ---- Files - GMER 2.1 ---- File C:\Windows\Temp\~bd32F2.tmp 0 bytes ---- EOF - GMER 2.1 ----