GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-27 20:11:42 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB Running: us424p16.exe; Driver: C:\Users\Olik\AppData\Local\Temp\kgqyakog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, F0, 12, 12, 01] .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[432] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 0000000077abb861 11 bytes [B8, F0, 12, 78, 01, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 0B, 3E, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 0D, 3E, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 08, 3E, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, B9, FF, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, C0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, D5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 11 bytes [B8, B9, 06, 3E, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, D9, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, F9, F6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, 39, FC, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, 39, E7, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 79, FA, 3D, 76] .text ... * 2 .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, B9, 14, 3E, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, B9, EA, 3D, 76, 00, 00] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 79, EC, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1448] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, F9, EF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 0B, 3E, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 0D, 3E, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 08, 3E, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, B9, FF, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\winhttp.dll!WinHttpCloseHandle 000007fefb2f22e0 12 bytes [48, B8, F9, A2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\winhttp.dll!WinHttpOpenRequest 000007fefb2f45f8 12 bytes [48, B8, 39, A1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\winhttp.dll!WinHttpConnect 000007fefb303e3c 12 bytes [48, B8, B9, A4, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 79, EC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, F9, EF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcc256e0 12 bytes [48, B8, 39, CB, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefcc3010c 12 bytes [48, B8, 79, C9, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcc4daa0 12 bytes [48, B8, B9, C7, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 0B, 3E, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 0D, 3E, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 08, 3E, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, B9, FF, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, C0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, D5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 11 bytes [B8, B9, 06, 3E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, D9, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, F9, F6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, 39, FC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, 39, E7, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 79, FA, 3D, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, B9, 14, 3E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, B9, EA, 3D, 76, 00, 00] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 79, EC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, F9, EF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fefe03dd61 11 bytes [B8, 79, 8A, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcc256e0 12 bytes [48, B8, 39, CB, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefcc3010c 12 bytes [48, B8, 79, C9, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcc4daa0 12 bytes [48, B8, B9, C7, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb2f22e0 12 bytes [48, B8, F9, A2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb2f45f8 12 bytes [48, B8, 39, A1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb303e3c 12 bytes [48, B8, B9, A4, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1656] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 12, 3E, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 03, 3E, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 14, 3E, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 18, 3E, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 16, 3E, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 39, EE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1780] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 0B, 3E, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 0D, 3E, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 08, 3E, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, B9, FF, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 79, EC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, F9, EF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1868] c:\windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcc256e0 12 bytes [48, B8, 39, CB, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] c:\windows\system32\DNSAPI.dll!DnsQuery_W 000007fefcc3010c 12 bytes [48, B8, 79, C9, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] c:\windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcc4daa0 12 bytes [48, B8, B9, C7, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] c:\windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb2f22e0 12 bytes [48, B8, F9, A2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] c:\windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb2f45f8 12 bytes [48, B8, 39, A1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1868] c:\windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb303e3c 12 bytes [48, B8, B9, A4, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 12, 3E, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 03, 3E, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 14, 3E, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 18, 3E, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 16, 3E, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 39, EE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcc256e0 12 bytes [48, B8, 39, CB, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefcc3010c 12 bytes [48, B8, 79, C9, 3D, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1976] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcc4daa0 12 bytes [48, B8, B9, C7, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 12, 3E, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 03, 3E, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 14, 3E, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 18, 3E, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 16, 3E, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8 000007fefcc256e0 12 bytes [48, B8, 39, CB, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\System32\DNSAPI.dll!DnsQuery_W 000007fefcc3010c 12 bytes [48, B8, 79, C9, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\System32\DNSAPI.dll!DnsQuery_A 000007fefcc4daa0 12 bytes [48, B8, B9, C7, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 39, EE, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\System32\WINHTTP.dll!WinHttpCloseHandle 000007fefb2f22e0 12 bytes [48, B8, F9, A2, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\System32\WINHTTP.dll!WinHttpOpenRequest 000007fefb2f45f8 12 bytes [48, B8, 39, A1, 3D, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\System32\WINHTTP.dll!WinHttpConnect 000007fefb303e3c 12 bytes [48, B8, B9, A4, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 0B, 3E, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 0D, 3E, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 08, 3E, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, B9, FF, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, F9, F6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, 39, FC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, 39, E7, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 79, FA, 3D, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, B9, 14, 3E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, B9, EA, 3D, 76, 00, 00] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 79, EC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, F9, EF, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, B9, 22, 3E, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077b8dc30 6 bytes [48, B8, B9, FF, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 0000000077b8dc38 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, B9, 30, 3E, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, CB, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, F9, 20, 3E, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, C9, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, F9, 2E, 3E, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, FA, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, 79, 32, 3E, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, FC, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, F9, 35, 3E, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 39, 2D, 3E, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 39, 1F, 3E, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, E1, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 39, 34, 3E, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, F9, 27, 3E, 76] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, 79, 01, 3E, 76, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, 79, 1D, 3E, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, CC, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, CE, 3D, 76, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, D0, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, EA, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, C7, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, C5, 3D, 76, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, C4, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, F9, 12, 3E, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, A8, 3D, 76, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, C2, 3D, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, AB, 3D, 76, 00] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, F9, 0B, 3E, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, 39, 11, 3E, 76, 00, 00, ...] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2192] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, 79, 0F, 3E, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 20, 3E, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 2E, 3E, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, CB, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 1F, 3E, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, C9, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 2D, 3E, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, FA, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 30, 3E, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, FC, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 34, 3E, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 2B, 3E, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 1D, 3E, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, E1, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 32, 3E, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 26, 3E, 76] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, FF, 3D, 76, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, 01, 3E, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, 1B, 3E, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, CC, 3D, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, CE, 3D, 76, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, D0, 3D, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, EA, 3D, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2252] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000754817fa 2 bytes CALL 778211a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000075481860 2 bytes CALL 778211a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000075481942 2 bytes JMP 76c97089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007548194d 2 bytes JMP 76c9cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 12, 3E, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 03, 3E, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 14, 3E, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 18, 3E, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 16, 3E, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2464] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, B9, 8F, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, F9, 55, 3D, 76, 00, 00] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, F9, 5C, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, F9, 8D, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 39, 5B, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 79, 9F, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, F9, 71, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, 39, A1, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, B9, 73, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, B9, A4, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, B9, 9D, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, B9, 5E, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 39, 8C, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, 79, 60, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, F9, A2, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, F9, 94, 3D, 76] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, 39, 69, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 11 bytes [B8, 39, 93, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, 39, 70, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, B9, 6C, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, B9, 65, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, 39, 77, 3D, 76, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, F9, 78, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, 79, 8A, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 79, 75, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, 79, 83, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, B9, 88, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, 79, 7C, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, B9, 81, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, F9, 86, 3D, 76] .text ... * 2 .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, 79, 59, 3D, 76, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, F9, 7F, 3D, 76, 00, 00] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, B9, 57, 3D, 76, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, F9, 4E, 3D, 76, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 79, 4B, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, 39, 46, 3D, 76, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 79, 44, 3D, 76, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, 39, 4D, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, F9, 47, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, B9, 49, 3D, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2612] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2924] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, F0, 12, 90, 01] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2964] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 0000000077abb861 11 bytes [B8, F0, 12, B6, 01, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 20, 3E, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 2E, 3E, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, CB, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 1F, 3E, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, C9, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 2D, 3E, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, FA, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 30, 3E, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, FC, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 34, 3E, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 2B, 3E, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 1D, 3E, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, E1, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 32, 3E, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 26, 3E, 76] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, FF, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, 01, 3E, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, 1B, 3E, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, CC, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, CE, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, D0, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, EA, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb2f22e0 12 bytes [48, B8, F9, BE, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb2f45f8 12 bytes [48, B8, 39, BD, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb303e3c 12 bytes [48, B8, B9, C0, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, C7, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, C5, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, C4, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 39, 11, 3E, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, A8, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, C2, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, AB, 3D, 76, 00] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 39, 0A, 3E, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, 79, 0F, 3E, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, B9, 0D, 3E, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcc256e0 12 bytes [48, B8, 39, E7, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefcc3010c 12 bytes [48, B8, 79, E5, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2188] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcc4daa0 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, FF, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, 01, 3E, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, 1B, 3E, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, CC, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, CE, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, D0, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, EA, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2500] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 79, EC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2544] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, F9, EF, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, C0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, D5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 11 bytes [B8, 79, 08, 3E, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, D9, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 39, E7, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, F9, E8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, F9, F6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, 79, FA, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 39, FC, 3D, 76] .text ... * 2 .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, F9, 19, 3E, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, 79, EC, 3D, 76, 00, 00] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3256] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, F9, 6A, 3D, 76, 00, 00] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 12, 3E, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, F9, B0, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 03, 3E, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 39, 38, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 14, 3E, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, F9, 2B, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 18, 3E, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 39, 85, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 39, 3F, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 16, 3E, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, F9, 86, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 39, 54, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, 79, 52, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, B9, B2, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, B9, 50, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, 1F, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, 79, 44, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, F9, 24, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, B9, 42, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 39, E7, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, F9, E8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, F9, F6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, 79, FA, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 39, FC, 3D, 76] .text ... * 2 .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, B9, 1B, 3E, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, 79, 6E, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, 79, EC, 3D, 76, 00, 00] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 39, 62, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, B9, 57, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, F9, 63, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, B9, 5E, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, 79, AD, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, B9, AB, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, F9, A9, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 39, 69, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, 79, 91, 3D, 76, 00] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, B9, 8F, 3D, 76, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 39, EE, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3544] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 12, 3E, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 03, 3E, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 14, 3E, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 18, 3E, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 16, 3E, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, C0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, D5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 11 bytes [B8, 79, 08, 3E, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, D9, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 12, 3E, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 03, 3E, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 14, 3E, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 18, 3E, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 16, 3E, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, C0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, D5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 11 bytes [B8, 79, 08, 3E, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, D9, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 39, E7, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, F9, E8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, F9, F6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, 79, FA, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 39, FC, 3D, 76] .text ... * 2 .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, F9, 19, 3E, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, 79, EC, 3D, 76, 00, 00] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 20, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 2E, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, CB, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 1F, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, C9, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 2D, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, FA, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 30, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, FC, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 34, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 2B, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 1D, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, E1, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 32, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 26, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 2 bytes [B8, 79] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 4 0000000077a40944 8 bytes [3E, 76, 00, 00, 00, 00, 50, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, EE, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, FF, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, 01, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, 1B, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, CC, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, CE, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, D0, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, EA, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, B9, 14, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, F9, 19, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, F9, 12, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, 79, 16, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 39, 18, 3E, 76] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, B9, 37, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, 79, 08, 3E, 76, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3584] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 20, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 2E, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, CB, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 1F, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, C9, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 2D, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, FA, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 30, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, FC, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 34, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 2B, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 1D, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, E1, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 32, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 26, 3E, 76] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 2 bytes [B8, 79] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 4 0000000077a40944 8 bytes [3E, 76, 00, 00, 00, 00, 50, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, EE, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, FF, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, 01, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, 1B, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, CC, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, CE, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, D0, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, EA, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, B9, 14, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, F9, 19, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, F9, 12, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, 79, 16, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 39, 18, 3E, 76] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, B9, 37, 3E, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, 79, 08, 3E, 76, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3608] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f8169 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f61f1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f7d41 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f6159 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f80d1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f7161 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f8201 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f8039 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f6879 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7ca9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f6911 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f8299 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f7e71 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7dd9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f70c9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f6e69 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f6d39 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6f99 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f6321 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f63b9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f7329 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7c11 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f8331 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f74f1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f73c1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f7b79 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f7459 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f7919 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f83c9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f7589 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f5909 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 5 bytes JMP 00000001761f6581 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f8461 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f59a1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f6451 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f5a39 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7fa1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7f09 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f5d31 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 5 bytes JMP 00000001761f5c01 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3968] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5c99 .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 5 bytes [48, B8, F0, 12, 38] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3192] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 0000000077abb861 11 bytes [B8, F0, 12, 4A, 02, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 12, 3E, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 03, 3E, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 14, 3E, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 18, 3E, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 16, 3E, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[1828] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f8169 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f61f1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f7d41 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f6159 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f80d1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f7161 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f8201 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f8039 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f6879 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7ca9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f6911 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f8299 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f7e71 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7dd9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f70c9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f6e69 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f6d39 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6f99 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f6321 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f63b9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f7329 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7c11 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f74f1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f73c1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f7b79 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f7459 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f7919 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f8331 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f7589 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f83c9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f5909 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 5 bytes JMP 00000001761f6581 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f8461 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f59a1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f6451 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f5a39 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7fa1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7f09 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f5d31 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 5 bytes JMP 00000001761f5c01 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3412] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000002510179 5 bytes JMP 00000000761f4d29 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f5e61 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f73c1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f76b9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f5ef9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7329 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f5f91 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f7919 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f74f1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7459 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f63b9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f6879 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f59a1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f5909 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f5a39 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f69a9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f6911 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f6b71 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f6a41 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f7031 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f6ad9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7161 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f6f99 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f70c9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f4f89 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 1 byte JMP 00000001761f5c01 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076af98ff 3 bytes {JMP 0xffffffffff6fc304} .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f7ae1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f5021 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f50b9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5449 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7589 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f53b1 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f51e9 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5151 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 2 bytes JMP 00000001761f5281 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076b4fcd9 2 bytes [6A, FF] .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5319 .text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3944] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000000a80179 5 bytes JMP 00000000761f4d29 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 20, 3E, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 2E, 3E, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, CB, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 1F, 3E, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, C9, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 2D, 3E, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, FA, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 30, 3E, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, FC, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 34, 3E, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 2B, 3E, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 1D, 3E, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, E1, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 32, 3E, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 26, 3E, 76] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 1 0000000077a40941 2 bytes [B8, 79] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 4 0000000077a40944 8 bytes [3E, 76, 00, 00, 00, 00, 50, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, EE, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNEL32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, FF, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, 01, 3E, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, 1B, 3E, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, CC, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, CE, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, D0, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, EA, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, B9, 14, 3E, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, F9, 19, 3E, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, F9, 12, 3E, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, 79, 16, 3E, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 39, 18, 3E, 76] .text ... * 2 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, F9, 35, 3E, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, 79, 08, 3E, 76, 00, 00] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007feff752fc0 12 bytes [48, B8, B9, 65, 3D, 76, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3924] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007feff775891 11 bytes [B8, F9, 63, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f5e61 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f73c1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f76b9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f5ef9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7329 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f5f91 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f7919 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f74f1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7459 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f63b9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f6879 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f59a1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f5909 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f5a39 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f69a9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f6911 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f4f89 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 1 byte JMP 00000001761f5c01 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076af98ff 3 bytes {JMP 0xffffffffff6fc304} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f79b1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f5021 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f50b9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5449 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7589 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f53b1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f51e9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5151 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 2 bytes JMP 00000001761f5281 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076b4fcd9 2 bytes [6A, FF] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5319 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f6b71 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f6a41 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f7031 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f6ad9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7161 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f6f99 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f70c9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3820] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000000650179 5 bytes JMP 00000000761f4d29 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f5e61 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f7329 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f76b9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f5ef9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7291 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f5f91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f7459 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f73c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f63b9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f67e1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f59a1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f5909 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f5a39 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f6911 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f6879 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f6ad9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f69a9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f6f99 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f7161 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f6a41 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f70c9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f6f01 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f7031 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f6b71 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f4f89 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 1 byte JMP 00000001761f5c01 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076af98ff 3 bytes {JMP 0xffffffffff6fc304} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f7ae1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f5021 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f50b9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7589 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5449 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f74f1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f53b1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f51e9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5151 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 2 bytes JMP 00000001761f5281 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076b4fcd9 2 bytes [6A, FF] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5319 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000001380179 5 bytes JMP 00000000761f4d29 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d61401 2 bytes JMP 7784b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d61419 2 bytes JMP 7784b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d61431 2 bytes JMP 778c8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d6144a 2 bytes CALL 77824885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d614dd 2 bytes JMP 778c8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d614f5 2 bytes JMP 778c89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d6150d 2 bytes JMP 778c86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d61525 2 bytes JMP 778c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d6153d 2 bytes JMP 7783fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d61555 2 bytes JMP 778468bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d6156d 2 bytes JMP 778c8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d61585 2 bytes JMP 778c8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d6159d 2 bytes JMP 778c86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d615b5 2 bytes JMP 7783fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d615cd 2 bytes JMP 7784b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d616b2 2 bytes JMP 778c8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d616bd 2 bytes JMP 778c8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 0000000077402b30 5 bytes JMP 00000001761f7c11 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 000000007743f810 5 bytes JMP 00000001761f4149 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 000000007743ffd0 5 bytes JMP 00000001761f21d1 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 00000000774bef00 5 bytes JMP 00000001761f2ab9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f5e61 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f73c1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f76b9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f5ef9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7329 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f5f91 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f7919 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f74f1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7459 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f63b9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f6879 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f59a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f5909 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f5a39 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f69a9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f6911 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d61401 2 bytes JMP 7784b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d61419 2 bytes JMP 7784b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d61431 2 bytes JMP 778c8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d6144a 2 bytes CALL 77824885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d614dd 2 bytes JMP 778c8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d614f5 2 bytes JMP 778c89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d6150d 2 bytes JMP 778c86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d61525 2 bytes JMP 778c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d6153d 2 bytes JMP 7783fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d61555 2 bytes JMP 778468bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d6156d 2 bytes JMP 778c8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d61585 2 bytes JMP 778c8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d6159d 2 bytes JMP 778c86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d615b5 2 bytes JMP 7783fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d615cd 2 bytes JMP 7784b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d616b2 2 bytes JMP 778c8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d616bd 2 bytes JMP 778c8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f4f89 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 1 byte JMP 00000001761f5c01 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076af98ff 3 bytes {JMP 0xffffffffff6fc304} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f79b1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f5021 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f50b9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5449 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7589 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f53b1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f51e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5151 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 2 bytes JMP 00000001761f5281 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076b4fcd9 2 bytes [6A, FF] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5319 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f6b71 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f6a41 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f7031 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f6ad9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7161 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f6f99 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f70c9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000000bf0179 5 bytes JMP 00000000761f4d29 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076c93918 5 bytes JMP 00000001761f5741 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076c93cd3 5 bytes JMP 00000001761f56a9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!socket 0000000076c93eb8 5 bytes JMP 00000001761f6ca1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076c94406 5 bytes JMP 00000001761f2139 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076c94889 5 bytes JMP 00000001761f4dc1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!recv 0000000076c96b0e 5 bytes JMP 00000001761f6e69 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!connect 0000000076c96bdd 1 byte JMP 00000001761f41e1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076c96bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!send 0000000076c96f01 5 bytes JMP 00000001761f20a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076c97089 5 bytes JMP 00000001761f6f01 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076c9cc3f 5 bytes JMP 00000001761f6dd1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000076c9d1ea 5 bytes JMP 00000001761f4e59 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076ca7673 5 bytes JMP 00000001761f4ef1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\urlmon.dll!CreateUri + 128 0000000077402b30 5 bytes JMP 00000001761f7dd9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToCacheFileW 000000007743f810 5 bytes JMP 00000001761f4149 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToFileW 000000007743ffd0 5 bytes JMP 00000001761f21d1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3392] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToFileA 00000000774bef00 5 bytes JMP 00000001761f2ab9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f8169 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f61f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f7d41 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f6159 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f80d1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f7161 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f8201 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f8039 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f6879 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7ca9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f6911 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f8299 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f7e71 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7dd9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f70c9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f6e69 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f6d39 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6f99 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f6321 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f63b9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f7329 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7c11 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f5909 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 5 bytes JMP 00000001761f6581 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f8331 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f59a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f6451 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f5a39 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7fa1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7f09 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f5d31 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 5 bytes JMP 00000001761f5c01 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f83c9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f74f1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f73c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f7b79 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f7459 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f7919 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f8461 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f7589 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000000670179 5 bytes JMP 00000000761f4d29 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 0000000077402b30 5 bytes JMP 00000001761f8591 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 000000007743f810 5 bytes JMP 00000001761f4149 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 000000007743ffd0 5 bytes JMP 00000001761f21d1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 00000000774bef00 5 bytes JMP 00000001761f2ab9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076c93918 5 bytes JMP 00000001761f60c1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076c93cd3 5 bytes JMP 00000001761f6029 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!socket 0000000076c93eb8 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076c94406 5 bytes JMP 00000001761f2139 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076c94889 5 bytes JMP 00000001761f5741 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!recv 0000000076c96b0e 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!connect 0000000076c96bdd 1 byte JMP 00000001761f41e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076c96bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!send 0000000076c96f01 5 bytes JMP 00000001761f20a1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076c97089 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076c9cc3f 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000076c9d1ea 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3768] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076ca7673 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f5e61 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f73c1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f76b9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f5ef9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7329 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f5f91 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f7919 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f74f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7459 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f63b9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f6879 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f59a1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f5909 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f5a39 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f69a9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f6911 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f4f89 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 1 byte JMP 00000001761f5c01 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076af98ff 3 bytes {JMP 0xffffffffff6fc304} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f7a49 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f5021 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f50b9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5449 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7589 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f53b1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f51e9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5151 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 2 bytes JMP 00000001761f5281 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076b4fcd9 2 bytes [6A, FF] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5319 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f6b71 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f6a41 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f7031 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f6ad9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7161 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f6f99 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f70c9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3144] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000000800179 5 bytes JMP 00000000761f4d29 .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 0B, 3E, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 0D, 3E, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 08, 3E, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, B9, FF, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 79, EC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, F9, EF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb2f22e0 12 bytes [48, B8, F9, A2, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb2f45f8 12 bytes [48, B8, 39, A1, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb303e3c 12 bytes [48, B8, B9, A4, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcc256e0 12 bytes [48, B8, 39, CB, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefcc3010c 12 bytes [48, B8, 79, C9, 3D, 76, 00, ...] .text C:\Windows\system32\svchost.exe[4100] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcc4daa0 12 bytes [48, B8, B9, C7, 3D, 76, 00, ...] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f5e61 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f73c1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f76b9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f5ef9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7329 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f5f91 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f7919 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f74f1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7459 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f63b9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f6879 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f59a1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f5909 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f5a39 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f69a9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f6911 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f4f89 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 1 byte JMP 00000001761f5c01 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076af98ff 3 bytes {JMP 0xffffffffff6fc304} .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f79b1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f5021 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f50b9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5449 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7589 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f53b1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f51e9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5151 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 2 bytes JMP 00000001761f5281 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076b4fcd9 2 bytes [6A, FF] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5319 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f6b71 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f6a41 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f7031 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f6ad9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7161 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f6f99 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f70c9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[4320] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000000f90179 5 bytes JMP 00000000761f4d29 .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 2 bytes [B8, 79] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 4 0000000077a40944 8 bytes [3E, 76, 00, 00, 00, 00, 50, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, EE, 3D, 76, 00, 00, ...] .text C:\Program Files\CCleaner\CCleaner64.exe[4432] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f8169 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f61f1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f7d41 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f6159 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f80d1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f7161 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f8201 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f8039 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f6879 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7ca9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f6911 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f8299 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f7e71 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7dd9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f70c9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f6e69 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f6d39 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6f99 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f6321 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f63b9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f7329 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7c11 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f74f1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f73c1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f7b79 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f7459 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f7919 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f8331 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f7589 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f83c9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f5909 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 5 bytes JMP 00000001761f6581 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f8461 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f59a1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f6451 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f5a39 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7fa1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7f09 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f5d31 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 5 bytes JMP 00000001761f5c01 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3800] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000000e00179 5 bytes JMP 00000000761f4d29 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f8169 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f61f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f7d41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f6159 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f80d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f7161 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f8201 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f8039 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f6879 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7ca9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f6911 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f8299 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f7e71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7dd9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f70c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f6e69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f6d39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6f99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f6321 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f63b9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f7329 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7c11 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f8331 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f74f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f73c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f7b79 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f7459 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f7919 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f83c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f7589 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f5909 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 5 bytes JMP 00000001761f6581 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f8461 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f59a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f6451 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f5a39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7fa1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7f09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f5d31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 5 bytes JMP 00000001761f5c01 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5072] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f8169 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f61f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f7d41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f6159 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f80d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f7161 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f8201 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f8039 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f6879 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7ca9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f6911 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f8299 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f7e71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7dd9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f70c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f6e69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f6d39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6f99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f6321 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f63b9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f7329 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7c11 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f83c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f74f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f73c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f7b79 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f7459 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f7919 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f8461 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f7589 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076c93918 5 bytes JMP 00000001761f60c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076c93cd3 5 bytes JMP 00000001761f6029 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!socket 0000000076c93eb8 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076c94406 5 bytes JMP 00000001761f2139 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076c94889 5 bytes JMP 00000001761f5741 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!recv 0000000076c96b0e 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!connect 0000000076c96bdd 1 byte JMP 00000001761f41e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076c96bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!send 0000000076c96f01 5 bytes JMP 00000001761f20a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076c97089 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076c9cc3f 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000076c9d1ea 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076ca7673 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d61401 2 bytes JMP 7784b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d61419 2 bytes JMP 7784b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d61431 2 bytes JMP 778c8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d6144a 2 bytes CALL 77824885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d614dd 2 bytes JMP 778c8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d614f5 2 bytes JMP 778c89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d6150d 2 bytes JMP 778c86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d61525 2 bytes JMP 778c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d6153d 2 bytes JMP 7783fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d61555 2 bytes JMP 778468bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d6156d 2 bytes JMP 778c8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d61585 2 bytes JMP 778c8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d6159d 2 bytes JMP 778c86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d615b5 2 bytes JMP 7783fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d615cd 2 bytes JMP 7784b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d616b2 2 bytes JMP 778c8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d616bd 2 bytes JMP 778c8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 0B, 3E, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 0D, 3E, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 08, 3E, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, B9, FF, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 79, EC, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, F9, EF, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, F9, F6, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, 39, FC, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, 39, E7, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 79, FA, 3D, 76] .text ... * 2 .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, 79, 16, 3E, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, B9, EA, 3D, 76, 00, 00] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Windows\System32\svchost.exe[3244] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f8169 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f61f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f7d41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f6159 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f80d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f7161 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f8201 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f8039 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f6879 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7ca9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f6911 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f8299 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f7e71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7dd9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f70c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f6e69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f6d39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6f99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f6321 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f63b9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f7329 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7c11 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076c93918 5 bytes JMP 00000001761f60c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076c93cd3 5 bytes JMP 00000001761f6029 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!socket 0000000076c93eb8 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076c94406 5 bytes JMP 00000001761f2139 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076c94889 5 bytes JMP 00000001761f5741 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!recv 0000000076c96b0e 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!connect 0000000076c96bdd 1 byte JMP 00000001761f41e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076c96bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!send 0000000076c96f01 5 bytes JMP 00000001761f20a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076c97089 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076c9cc3f 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000076c9d1ea 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076ca7673 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f83c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f74f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f73c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f7b79 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f7459 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f7919 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f8461 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f7589 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f5909 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 5 bytes JMP 00000001761f6581 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f84f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f59a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f6451 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f5a39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7fa1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7f09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f5d31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 5 bytes JMP 00000001761f5c01 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000000ad0179 5 bytes JMP 00000000761f4d29 .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, F9, 04, 3E, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, F9, 12, 3E, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 39, 03, 3E, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b8dfe0 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b8dfe8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, B9, 14, 3E, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 39, E0, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 39, 18, 3E, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, 79, 16, 3E, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 39, 0A, 3E, 76] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, C0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, D5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 11 bytes [B8, 79, 08, 3E, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, D9, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 39, E7, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, F9, E8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, F9, F6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, 79, FA, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 39, FC, 3D, 76] .text ... * 2 .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, B9, 1B, 3E, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, 79, EC, 3D, 76, 00, 00] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2704] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f8169 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f61f1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f7d41 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f6159 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f80d1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f7161 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f8201 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f8039 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f6879 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7ca9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f6911 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f8299 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f7e71 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7dd9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f70c9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f6e69 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f6d39 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6f99 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f6321 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f63b9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f7329 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7c11 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f5909 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 5 bytes JMP 00000001761f6581 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f8331 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f59a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f6451 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f5a39 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7fa1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7f09 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f5d31 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 5 bytes JMP 00000001761f5c01 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f83c9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f74f1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f73c1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f79b1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f7b79 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f7459 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7ae1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f7919 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f8461 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f7589 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076c93918 5 bytes JMP 00000001761f60c1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076c93cd3 5 bytes JMP 00000001761f6029 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!socket 0000000076c93eb8 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076c94406 5 bytes JMP 00000001761f2139 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076c94889 5 bytes JMP 00000001761f5741 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!recv 0000000076c96b0e 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!connect 0000000076c96bdd 1 byte JMP 00000001761f41e1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076c96bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!send 0000000076c96f01 5 bytes JMP 00000001761f20a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076c97089 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076c9cc3f 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000076c9d1ea 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076ca7673 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\urlmon.dll!CreateUri + 128 0000000077402b30 5 bytes JMP 00000001761f86c1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToCacheFileW 000000007743f810 5 bytes JMP 00000001761f4149 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToFileW 000000007743ffd0 5 bytes JMP 00000001761f21d1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\SysWOW64\urlmon.dll!URLDownloadToFileA 00000000774bef00 5 bytes JMP 00000001761f2ab9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d61401 2 bytes JMP 7784b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d61419 2 bytes JMP 7784b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d61431 2 bytes JMP 778c8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d6144a 2 bytes CALL 77824885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d614dd 2 bytes JMP 778c8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d614f5 2 bytes JMP 778c89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d6150d 2 bytes JMP 778c86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d61525 2 bytes JMP 778c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d6153d 2 bytes JMP 7783fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d61555 2 bytes JMP 778468bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d6156d 2 bytes JMP 778c8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d61585 2 bytes JMP 778c8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d6159d 2 bytes JMP 778c86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d615b5 2 bytes JMP 7783fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d615cd 2 bytes JMP 7784b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d616b2 2 bytes JMP 778c8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d616bd 2 bytes JMP 778c8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 39, EE, 3D, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3904] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077b68611 11 bytes [B8, 39, 03, 3E, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b76741 7 bytes [B8, 39, 69, 3D, 76, 00, 00] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b7674a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077b8dc50 6 bytes [48, B8, 39, 11, 3E, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077b8dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b8dcc0 6 bytes [48, B8, 79, C2, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b8dcc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b8dd90 6 bytes [48, B8, 39, AF, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b8dd98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b8dde0 6 bytes [48, B8, 79, 01, 3E, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b8dde8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b8de30 6 bytes [48, B8, F9, 32, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b8de38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b8de50 6 bytes [48, B8, 39, 1C, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b8de58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b8de70 6 bytes [48, B8, F9, 1D, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b8de78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b8de90 6 bytes [48, B8, 79, AD, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b8de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b8df40 6 bytes [48, B8, 79, 0F, 3E, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077b8df48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b8df70 6 bytes [48, B8, 79, 2F, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b8df78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b8df90 6 bytes [48, B8, 79, 36, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b8df98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b8e020 6 bytes [48, B8, B9, 34, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b8e028 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b8e070 6 bytes [48, B8, F9, 12, 3E, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077b8e078 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b8e0a0 6 bytes [48, B8, 39, 2A, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b8e0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b8e0b0 6 bytes [48, B8, B9, 26, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b8e0b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b8e120 6 bytes [48, B8, 79, DE, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b8e128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077b8e1d0 6 bytes [48, B8, 79, 16, 3E, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077b8e1d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b8e5a0 6 bytes [48, B8, B9, 0D, 3E, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077b8e5a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b8e5f0 6 bytes [48, B8, 79, 28, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b8e5f8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b8e650 6 bytes [48, B8, F9, 24, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b8e658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b8e9c0 6 bytes [48, B8, 39, C4, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b8e9c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b8eb90 6 bytes [48, B8, B9, FF, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b8eb98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b8ef00 6 bytes [48, B8, 79, 83, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b8ef08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b8f100 6 bytes [48, B8, 39, 31, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b8f108 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b8f2c0 6 bytes [48, B8, F9, C5, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b8f2c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b8f3a0 6 bytes [48, B8, 79, 3D, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b8f3a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b8f3b0 6 bytes [48, B8, B9, 3B, 3D, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b8f3b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b8f3c0 6 bytes [48, B8, B9, 14, 3E, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077b8f3c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b8f4a0 6 bytes [48, B8, 79, 08, 3E, 76] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b8f4a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077bfea21 11 bytes [B8, 39, 85, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, C0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, D5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 11 bytes [B8, B9, 06, 3E, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, D9, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, F9, E1, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, B9, E3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, 39, E0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, F9, F6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, 39, FC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, 39, E7, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 79, FA, 3D, 76] .text ... * 2 .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, 39, 18, 3E, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, B9, EA, 3D, 76, 00, 00] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 79, EC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[6192] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, F9, EF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a21b21 11 bytes [B8, B9, C0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a21c10 12 bytes [48, B8, F9, 39, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077a22b61 8 bytes [B8, B9, D5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077a22b6a 2 bytes [50, C3] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a3dbc0 12 bytes [48, B8, B9, 2D, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a40941 11 bytes [B8, 79, 08, 3E, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a75331 11 bytes [B8, B9, 7A, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a75351 11 bytes [B8, 39, 77, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a8a660 12 bytes [48, B8, B9, 81, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a8a770 12 bytes [48, B8, 39, 7E, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077aaf511 11 bytes [B8, B9, DC, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077aaf711 11 bytes [B8, 39, D9, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077aaf741 8 bytes [B8, 39, D2, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077aaf74a 2 bytes [50, C3] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc51861 11 bytes [B8, 79, 52, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc530f1 11 bytes [B8, 39, B6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefdc55200 12 bytes [48, B8, B9, E3, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefdc55b91 11 bytes [B8, 79, E5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc58c00 12 bytes [48, B8, B9, 50, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefdc59531 11 bytes [B8, B9, FF, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefdc59e71 11 bytes [B8, F9, E1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc5b591 11 bytes [B8, F9, B0, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc62361 11 bytes [B8, F9, 4E, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc6a590 12 bytes [48, B8, B9, B2, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc6ac01 11 bytes [B8, 79, B4, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc842e0 12 bytes [48, B8, B9, 42, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefdc90ba1 11 bytes [B8, B9, CE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc92801 8 bytes [B8, 39, 23, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc9280a 2 bytes [50, C3] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc92841 11 bytes [B8, F9, 40, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff1b13b1 11 bytes [B8, B9, AB, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!closesocket 000007feff1b18e0 12 bytes [48, B8, F9, A9, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff1b1bd1 11 bytes [B8, 39, A8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff1b2201 11 bytes [B8, 39, F5, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff1b23c0 12 bytes [48, B8, 39, 8C, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!connect 000007feff1b45c0 12 bytes [48, B8, 79, 67, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!send + 1 000007feff1b8001 11 bytes [B8, 79, A6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff1b8df0 7 bytes [48, B8, B9, 8F, 3D, 76, 00] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff1b8df9 3 bytes [00, 50, C3] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff1bc090 12 bytes [48, B8, F9, 8D, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff1bde91 11 bytes [B8, 39, EE, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff1bdf41 11 bytes [B8, 79, F3, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff1de0f1 11 bytes [B8, B9, F1, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff6f642d 11 bytes [B8, 39, 5B, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff6f6484 12 bytes [48, B8, F9, 55, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007feff6f6519 11 bytes [B8, 39, 62, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff6f6c34 12 bytes [48, B8, 39, 54, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff6f7ab5 11 bytes [B8, F9, 5C, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff6f8b01 11 bytes [B8, B9, 57, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff6f8c39 11 bytes [B8, 79, 59, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefdcfaeb1 11 bytes [B8, B9, F8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefdcfaf11 11 bytes [B8, 39, E7, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefdcfe719 11 bytes [B8, F9, FD, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefdd0051d 11 bytes [B8, F9, E8, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefdd00609 11 bytes [B8, F9, F6, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefdd00641 11 bytes [B8, 79, FA, 3D, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefdd00689 5 bytes [B8, 39, FC, 3D, 76] .text ... * 2 .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefdd14ea1 11 bytes [B8, 79, 1D, 3E, 76, 00, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdd155c8 12 bytes [48, B8, B9, 6C, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefdd2b7d1 7 bytes [B8, 79, EC, 3D, 76, 00, 00] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefdd2b7da 2 bytes [50, C3] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdd2b85c 12 bytes [48, B8, F9, 6A, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefdd2b9d0 12 bytes [48, B8, 79, 60, 3D, 76, 00, ...] .text C:\Windows\system32\wbem\unsecapp.exe[6488] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefdd2ba3c 12 bytes [48, B8, B9, 5E, 3D, 76, 00, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f77e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f5e61 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f5871 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f73c1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f57d9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f7751 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f67e1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f7881 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f76b9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f5ef9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f7329 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f5f91 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f7919 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f74f1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f7459 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f6749 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f64e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f5dc9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f63b9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6619 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f6879 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6289 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f59a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f5909 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f5a39 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f69a9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f6911 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7291 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000000cf0179 5 bytes JMP 00000000761f4d29 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f7a49 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f4f89 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 1 byte JMP 00000001761f5c01 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076af98ff 3 bytes {JMP 0xffffffffff6fc304} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f7ae1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f5021 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f5ad1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f5b69 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f50b9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f7621 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5449 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7589 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f53b1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f51e9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f5c99 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5151 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 2 bytes JMP 00000001761f5281 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076b4fcd9 2 bytes [6A, FF] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5319 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f6b71 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f6a41 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f7031 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f71f9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f6ad9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f7161 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f6f99 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f70c9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f7b79 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f6c09 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 0000000077402b30 5 bytes JMP 00000001761f7ca9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 000000007743f810 5 bytes JMP 00000001761f4149 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 000000007743ffd0 5 bytes JMP 00000001761f21d1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 00000000774bef00 5 bytes JMP 00000001761f2ab9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076c93918 5 bytes JMP 00000001761f5741 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000076c93cd3 5 bytes JMP 00000001761f56a9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!socket 0000000076c93eb8 5 bytes JMP 00000001761f6ca1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076c94406 5 bytes JMP 00000001761f2139 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076c94889 5 bytes JMP 00000001761f4dc1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!recv 0000000076c96b0e 5 bytes JMP 00000001761f6e69 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!connect 0000000076c96bdd 1 byte JMP 00000001761f41e1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000076c96bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!send 0000000076c96f01 5 bytes JMP 00000001761f20a1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000076c97089 5 bytes JMP 00000001761f6f01 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000076c9cc3f 5 bytes JMP 00000001761f6dd1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000076c9d1ea 5 bytes JMP 00000001761f4e59 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076ca7673 5 bytes JMP 00000001761f4ef1 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d61401 2 bytes JMP 7784b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d61419 2 bytes JMP 7784b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d61431 2 bytes JMP 778c8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d6144a 2 bytes CALL 77824885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d614dd 2 bytes JMP 778c8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d614f5 2 bytes JMP 778c89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d6150d 2 bytes JMP 778c86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d61525 2 bytes JMP 778c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d6153d 2 bytes JMP 7783fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d61555 2 bytes JMP 778468bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d6156d 2 bytes JMP 778c8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d61585 2 bytes JMP 778c8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d6159d 2 bytes JMP 778c86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d615b5 2 bytes JMP 7783fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d615cd 2 bytes JMP 7784b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d616b2 2 bytes JMP 778c8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d616bd 2 bytes JMP 778c8651 C:\Windows\syswow64\kernel32.dll .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 0000000077d3f8ec 5 bytes JMP 00000001761f6911 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077d3f924 5 bytes JMP 00000001761f7881 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077d3f9dc 5 bytes JMP 00000001761f5e61 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d3fb24 5 bytes JMP 00000001761f5871 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077d3fba4 5 bytes JMP 00000001761f7459 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077d3fc1c 5 bytes JMP 00000001761f31d9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077d3fc4c 5 bytes JMP 00000001761f15f1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077d3fc7c 5 bytes JMP 00000001761f1689 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fcac 5 bytes JMP 00000001761f57d9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d3fdc4 5 bytes JMP 00000001761f77e9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fe10 5 bytes JMP 00000001761f30a9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077d3fe40 5 bytes JMP 00000001761f3309 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d3febc 5 bytes JMP 00000001761f67e1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077d3ff20 5 bytes JMP 00000001761f3271 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d3ffa0 5 bytes JMP 00000001761f7919 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077d3ffe8 5 bytes JMP 00000001761f2ee1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d40000 5 bytes JMP 00000001761f2db1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d400b0 5 bytes JMP 00000001761f1ed9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077d401c0 5 bytes JMP 00000001761f2301 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d40798 5 bytes JMP 00000001761f7751 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077d40810 5 bytes JMP 00000001761f2e49 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d408a0 5 bytes JMP 00000001761f2d19 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40df0 5 bytes JMP 00000001761f5ef9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077d410bc 5 bytes JMP 00000001761f73c1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077d41600 5 bytes JMP 00000001761f4ac9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d4191c 5 bytes JMP 00000001761f3141 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41be0 5 bytes JMP 00000001761f5f91 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077d41d50 5 bytes JMP 00000001761f3439 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d6c 5 bytes JMP 00000001761f33a1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d41d88 5 bytes JMP 00000001761f79b1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077d41ee4 5 bytes JMP 00000001761f7589 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077d54924 5 bytes JMP 00000001761f1ab1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077d60f81 5 bytes JMP 00000001761f74f1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d80edb 5 bytes JMP 00000001761f2009 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077dc886f 5 bytes JMP 00000001761f4b61 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077dceb0b 5 bytes JMP 00000001761f1f71 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077820e00 5 bytes JMP 00000001761f1da9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077821072 5 bytes JMP 00000001761f2a21 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000077824977 5 bytes JMP 00000001761f25f9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077833b93 5 bytes JMP 00000001761f3011 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077839a74 5 bytes JMP 00000001761f6749 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000077839ad5 5 bytes JMP 00000001761f64e9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000778472f7 5 bytes JMP 00000001761f2729 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000778488aa 5 bytes JMP 00000001761f5dc9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007784ccb1 5 bytes JMP 00000001761f63b9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007784ccd1 5 bytes JMP 00000001761f6619 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!WinExec 00000000778a3041 5 bytes JMP 00000001761f28f1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000778c74fb 5 bytes JMP 00000001761f46a1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000778c751e 5 bytes JMP 00000001761f47d1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000778c78c9 5 bytes JMP 00000001761f4901 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000778c7942 5 bytes JMP 00000001761f4a31 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075c08f8d 5 bytes JMP 00000000761f1a19 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075c0c436 5 bytes JMP 00000000761f3b59 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075c0d0af 5 bytes JMP 00000000761f6879 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075c0eca6 5 bytes JMP 00000000761f3601 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075c0f206 5 bytes JMP 00000000761f2399 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075c0fa89 5 bytes JMP 00000000761f1e41 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075c0fbb7 5 bytes JMP 00000000761f6289 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075c11358 5 bytes JMP 00000000761f3ac1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075c1137f 5 bytes JMP 00000000761f3a29 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d29 5 bytes JMP 00000000761f1981 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075c11e15 5 bytes JMP 00000000761f24c9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12ab1 5 bytes JMP 00000000761f59a1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075c12cd9 5 bytes JMP 00000000761f5909 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d17 5 bytes JMP 00000000761f5a39 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075c12e7a 5 bytes JMP 00000000761f18e9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075c13b70 5 bytes JMP 00000000761f2269 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075c14496 5 bytes JMP 00000000761f2431 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075c14608 5 bytes JMP 00000000761f3569 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075c14631 5 bytes JMP 00000000761f2c81 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075c1a211 5 bytes JMP 00000000761f6a41 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075c1a4fa 5 bytes JMP 00000000761f69a9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075c1c734 5 bytes JMP 00000000761f27c1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075c1e29d 5 bytes JMP 00000000761f7329 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075908e89 5 bytes JMP 00000000761f6c09 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075909179 5 bytes JMP 00000000761f6ad9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075909186 5 bytes JMP 00000000761f70c9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007590c4d2 5 bytes JMP 00000000761f7291 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007590c9ec 5 bytes JMP 00000000761f3c89 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007590deb4 5 bytes JMP 00000000761f6b71 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007590ded6 5 bytes JMP 00000000761f71f9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007590deee 5 bytes JMP 00000000761f7031 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007590df1e 5 bytes JMP 00000000761f7161 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075912b70 5 bytes JMP 00000000761f3bf1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007591361c 5 bytes JMP 00000000761f40b1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075914965 5 bytes JMP 00000000761f7a49 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000759270c4 5 bytes JMP 00000000761f4311 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000759270dc 5 bytes JMP 00000000761f3e51 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000759270f4 5 bytes JMP 00000000761f3ee9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075927733 5 bytes JMP 00000000761f6ca1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000759431f4 3 bytes JMP 00000000761f3f81 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA + 4 00000000759431f8 1 byte [00] .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075943204 3 bytes JMP 00000000761f4019 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW + 4 0000000075943208 1 byte [00] .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075943214 3 bytes JMP 00000000761f3d21 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA + 4 0000000075943218 1 byte [00] .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075943224 3 bytes JMP 00000000761f3db9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW + 4 0000000075943228 1 byte [00] .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075943264 3 bytes JMP 00000000761f4279 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA + 4 0000000075943268 1 byte [00] .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007571a472 5 bytes JMP 00000000761f7ae1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000757227ce 5 bytes JMP 00000000761f1be1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007572e6cf 5 bytes JMP 00000000761f1b49 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 5 bytes JMP 00000001761f4441 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 5 bytes JMP 00000001761f43a9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076af8a29 5 bytes JMP 00000001761f4f89 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076af98fd 1 byte JMP 00000001761f5c01 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076af98ff 3 bytes {JMP 0xffffffffff6fc304} .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076afb6ed 5 bytes JMP 00000001761f7b79 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076afd22e 5 bytes JMP 00000001761f5021 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076afee09 5 bytes JMP 00000001761f34d1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076afffe6 5 bytes JMP 00000001761f5ad1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b000d9 5 bytes JMP 00000001761f5b69 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 5 bytes JMP 00000001761f4571 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b00dfb 5 bytes JMP 00000001761f50b9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b012a5 5 bytes JMP 00000001761f76b9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b020ec 5 bytes JMP 00000001761f5449 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b03baa 5 bytes JMP 00000001761f7621 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 5 bytes JMP 00000001761f44d9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b06285 5 bytes JMP 00000001761f4bf9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b07603 5 bytes JMP 00000001761f2be9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b07aee 5 bytes JMP 00000001761f53b1 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b0835c 5 bytes JMP 00000001761f2b51 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b1ce54 5 bytes JMP 00000001761f51e9 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b1f52b 5 bytes JMP 00000001761f4c91 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b1f588 5 bytes JMP 00000001761f5c99 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b210a0 5 bytes JMP 00000001761f5151 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b4fcd6 2 bytes JMP 00000001761f5281 .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076b4fcd9 2 bytes [6A, FF] .text C:\Users\Olik\Downloads\us424p16.exe[5956] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b4fcfa 5 bytes JMP 00000001761f5319 ---- Devices - GMER 2.1 ---- Device \Driver\am4yiloh \Device\Scsi\am4yiloh1Port1Path0Target0Lun0 fffffa80074ab2c0 Device \Driver\am4yiloh \Device\Scsi\am4yiloh1 fffffa80074ab2c0 Device \FileSystem\Ntfs \Ntfs fffffa80039942c0 Device \FileSystem\fastfat \Fat fffffa80073e82c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{070F1E39-95BC-4348-BC0D-F7FB92EB38AF} fffffa80072e92c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80073e42c0 Device \Driver\cdrom \Device\CdRom0 fffffa800725e2c0 Device \Driver\cdrom \Device\CdRom1 fffffa800725e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{4590982B-B320-4A6D-B33F-9E0B095F98E5} fffffa80072e92c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80073e42c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80073e42c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D7DB1615-27FE-4CE2-9DAF-B843FA24AD70} fffffa80072e92c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80072e92c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80073e42c0 Device \Driver\am4yiloh \Device\ScsiPort1 fffffa80074ab2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{34B7F5EB-E0AA-4A6E-88D7-5B6336DA36BB} fffffa80072e92c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\am4yiloh.SYS fffff88004b89000-fffff88004bda000 (331776 bytes) ---- Processes - GMER 2.1 ---- Library \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [432] (FILE NOT FOUND) 000007fefb590000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----