GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-09 21:48:32 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000072 ST310005 rev.JC45 931,51GB Running: 6d96ye29.exe; Driver: C:\Users\Ziggy\AppData\Local\Temp\pxldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef35e61 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef35871 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef37459 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef357d9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef367e1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef35ef9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef373c1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef35f91 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37589 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef374f1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef36749 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef364e9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef35dc9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef363b9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36619 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef36879 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36289 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000007ef359a1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef35909 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef35a39 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef369a9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef36911 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef37329 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef37751 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef36b71 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef36a41 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef370c9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37291 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef36ad9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef371f9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef37031 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef37161 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 5 bytes JMP 000000007ef377e9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef36c09 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef37881 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef36f99 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef34f89 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 1 byte JMP 000000007ef35c01 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076e298ff 3 bytes {JMP 0x810c304} .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef37919 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef35021 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef35ad1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef35b69 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef350b9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef376b9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35449 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef37621 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef353b1 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef351e9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef35c99 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35151 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 2 bytes JMP 000000007ef35281 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076e7fcd9 2 bytes [0B, 08] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35319 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1236] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075dc01a9 5 bytes JMP 000000007ef34d29 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 79, 01, A5, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 79, EC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, F9, EF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 79, 0F, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 79, 01, A5, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 0D, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 79, EC, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, F9, EF, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1428] c:\windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcea56e0 12 bytes [48, B8, 39, CB, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] c:\windows\system32\DNSAPI.dll!DnsQuery_W 000007fefceb010c 12 bytes [48, B8, 79, C9, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1428] c:\windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcecdaa0 12 bytes [48, B8, B9, C7, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 79, 01, A5, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 0D, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 79, EC, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1504] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, F9, EF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 79, 01, A5, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 0D, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\winhttp.dll!WinHttpCloseHandle 000007fefc1b22e0 12 bytes [48, B8, F9, A2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\winhttp.dll!WinHttpOpenRequest 000007fefc1b45f8 12 bytes [48, B8, 39, A1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\winhttp.dll!WinHttpConnect 000007fefc1c3e3c 12 bytes [48, B8, B9, A4, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 79, EC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, F9, EF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcea56e0 12 bytes [48, B8, 39, CB, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefceb010c 12 bytes [48, B8, 79, C9, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1548] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcecdaa0 12 bytes [48, B8, B9, C7, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 79, 01, A5, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 0D, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 79, EC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, F9, EF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] c:\windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefc1b22e0 12 bytes [48, B8, F9, A2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] c:\windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefc1b45f8 12 bytes [48, B8, 39, A1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] c:\windows\system32\WINHTTP.dll!WinHttpConnect 000007fefc1c3e3c 12 bytes [48, B8, B9, A4, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcea56e0 12 bytes [48, B8, 39, CB, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefceb010c 12 bytes [48, B8, 79, C9, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcecdaa0 12 bytes [48, B8, B9, C7, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\msi.dll!MsiDecomposeDescriptorW + 165 000007fef3ca3e91 11 bytes [B8, 39, 18, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\msi.dll!MsiQueryProductStateA + 1 000007fef3d226b5 11 bytes [B8, 79, 4B, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\msi.dll!MsiInstallProductA + 1 000007fef3d22b31 11 bytes [B8, F9, 47, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\msi.dll!MsiQueryProductStateW + 1 000007fef3d3134d 11 bytes [B8, 39, 4D, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\msi.dll!MsiInstallProductW + 1 000007fef3d316b9 11 bytes [B8, B9, 49, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\msi.dll!MsiOpenDatabaseW + 1 000007fef3d49d3d 11 bytes [B8, 39, 46, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\msi.dll!MsiOpenDatabaseA + 1 000007fef3d49f69 11 bytes [B8, 79, 44, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 0D, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 79, 01, A5, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 0D, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 79, EC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, F9, EF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1780] c:\windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcea56e0 12 bytes [48, B8, 39, CB, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] c:\windows\system32\DNSAPI.dll!DnsQuery_W 000007fefceb010c 12 bytes [48, B8, 79, C9, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] c:\windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcecdaa0 12 bytes [48, B8, B9, C7, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] c:\windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefc1b22e0 12 bytes [48, B8, F9, A2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] c:\windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefc1b45f8 12 bytes [48, B8, 39, A1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1780] c:\windows\system32\WINHTTP.dll!WinHttpConnect 000007fefc1c3e3c 12 bytes [48, B8, B9, A4, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 06, A5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 04, A5, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 0B, A5, 75] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, E3, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, E1, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 12, A5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, E8, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, FC, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, FD, A4, 75] .text ... * 2 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 14, A5, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, EC, A4, 75, 00, 00] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8 000007fefcea56e0 12 bytes [48, B8, 39, CB, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\System32\DNSAPI.dll!DnsQuery_W 000007fefceb010c 12 bytes [48, B8, 79, C9, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\System32\DNSAPI.dll!DnsQuery_A 000007fefcecdaa0 12 bytes [48, B8, B9, C7, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 39, EE, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 79, 01, A5, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 0D, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 79, EC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, F9, EF, A4, 75, 00, 00, ...] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef35e61 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef35871 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef37459 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef357d9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef367e1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef35ef9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef373c1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef35f91 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37589 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef374f1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef36749 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef364e9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef35dc9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef363b9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36619 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef36879 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36289 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000007ef359a1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef35909 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef35a39 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef369a9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef36911 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef37329 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef36b71 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef36a41 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef370c9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37291 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef36ad9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef371f9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef37031 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef37161 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 1 byte JMP 000000007ef37751 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224 00000000756a494f 3 bytes {JMP 0x9892e04} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef36c09 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef377e9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef37881 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef36f99 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef34f89 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 1 byte JMP 000000007ef35c01 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076e298ff 3 bytes {JMP 0x810c304} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef37919 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef35021 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef35ad1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef35b69 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef350b9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef376b9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35449 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef37621 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef353b1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef351e9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef35c99 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35151 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 2 bytes JMP 000000007ef35281 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076e7fcd9 2 bytes [0B, 08] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35319 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077293918 5 bytes JMP 000000007ef35741 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000077293cd3 5 bytes JMP 000000007ef356a9 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!socket 0000000077293eb8 5 bytes JMP 000000007ef36ca1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077294406 5 bytes JMP 000000007ef32139 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000077294889 5 bytes JMP 000000007ef34dc1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!recv 0000000077296b0e 5 bytes JMP 000000007ef36e69 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!connect 0000000077296bdd 1 byte JMP 000000007ef341e1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000077296bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!send 0000000077296f01 5 bytes JMP 000000007ef320a1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077297089 5 bytes JMP 000000007ef36f01 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007729cc3f 5 bytes JMP 000000007ef36dd1 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007729d1ea 5 bytes JMP 000000007ef34e59 .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1756] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000772a7673 5 bytes JMP 000000007ef34ef1 .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 79, 01, A5, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 0D, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 79, EC, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, F9, EF, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2052] c:\windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefc1b22e0 12 bytes [48, B8, F9, A2, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] c:\windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefc1b45f8 12 bytes [48, B8, 39, A1, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] c:\windows\system32\WINHTTP.dll!WinHttpConnect 000007fefc1c3e3c 12 bytes [48, B8, B9, A4, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8 000007fefcea56e0 12 bytes [48, B8, 39, CB, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\System32\DNSAPI.dll!DnsQuery_W 000007fefceb010c 12 bytes [48, B8, 79, C9, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[2052] C:\Windows\System32\DNSAPI.dll!DnsQuery_A 000007fefcecdaa0 12 bytes [48, B8, B9, C7, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 06, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 04, A5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 0B, A5, 75] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, E3, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, E1, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, E8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, FC, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, FD, A4, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, 39, 11, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, EC, A4, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 12, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 39, EE, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcea56e0 12 bytes [48, B8, 39, CB, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefceb010c 12 bytes [48, B8, 79, C9, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcecdaa0 12 bytes [48, B8, B9, C7, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefdd580b0 12 bytes [48, B8, B9, 65, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2152] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefdd59641 11 bytes [B8, F9, 63, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 22, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, CB, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 20, A5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, C9, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, FA, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, FC, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 1F, A5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, E1, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 27, A5, 75] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 26, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, EE, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, FF, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 1D, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, CE, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, D0, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, CC, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, EA, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, 16, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, 03, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, 1B, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, 14, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, 18, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, 19, A5, 75] .text ... * 2 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, 39, 2D, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, 08, A5, 75, 00, 00] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 2E, A5, 75, 00, 00, ...] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2208] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, 12, A5, 75, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef35e61 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef35871 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef37459 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef357d9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef367e1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef35ef9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef373c1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef35f91 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37589 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef374f1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef36749 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef364e9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef35dc9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef363b9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36619 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef36879 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36289 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000007ef359a1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef35909 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef35a39 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef369a9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef36911 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef37329 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef37751 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef377e9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef36f99 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef34f89 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 1 byte JMP 000000007ef35c01 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076e298ff 3 bytes {JMP 0x810c304} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef37881 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef35021 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef35ad1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef35b69 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef350b9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef376b9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35449 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef37621 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef353b1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef351e9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef35c99 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35151 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 2 bytes JMP 000000007ef35281 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076e7fcd9 2 bytes [0B, 08] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35319 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef36b71 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef36a41 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef370c9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37291 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef36ad9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef371f9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef37031 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef37161 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 5 bytes JMP 000000007ef37919 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef36c09 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077293918 5 bytes JMP 000000007ef35741 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000077293cd3 5 bytes JMP 000000007ef356a9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!socket 0000000077293eb8 5 bytes JMP 000000007ef36ca1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077294406 5 bytes JMP 000000007ef32139 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000077294889 5 bytes JMP 000000007ef34dc1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!recv 0000000077296b0e 5 bytes JMP 000000007ef36e69 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!connect 0000000077296bdd 1 byte JMP 000000007ef341e1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000077296bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!send 0000000077296f01 5 bytes JMP 000000007ef320a1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077297089 5 bytes JMP 000000007ef36f01 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007729cc3f 5 bytes JMP 000000007ef36dd1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007729d1ea 5 bytes JMP 000000007ef34e59 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000772a7673 5 bytes JMP 000000007ef34ef1 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075dc01a9 5 bytes JMP 000000007ef34d29 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 06, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 04, A5, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 0B, A5, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, E3, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, E1, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 39, EE, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 12, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, E8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, FC, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, FD, A4, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, 39, 18, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, EC, A4, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2592] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, F0, 12, 87, 01] .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2680] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 0000000077a4b831 11 bytes [B8, F0, 12, CF, 00, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 0B, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 79, EC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, F9, EF, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 0B, A5, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fefdd580b0 12 bytes [48, B8, B9, 65, A4, 75, 00, ...] .text C:\Windows\System32\svchost.exe[3012] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefdd59641 11 bytes [B8, F9, 63, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 06, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 04, A5, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 0B, A5, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, E3, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, E1, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 39, EE, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 12, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, E8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, FC, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, FD, A4, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, 39, 18, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, EC, A4, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefc1b22e0 12 bytes [48, B8, F9, A2, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefc1b45f8 12 bytes [48, B8, 39, A1, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fefc1c3e3c 12 bytes [48, B8, B9, A4, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcea56e0 12 bytes [48, B8, 39, CB, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefceb010c 12 bytes [48, B8, 79, C9, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2476] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcecdaa0 12 bytes [48, B8, B9, C7, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 06, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 04, A5, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 0B, A5, 75] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, E3, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, E1, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 39, EE, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 12, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, E8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, FC, A4, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, FD, A4, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, 39, 18, A5, 75, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, EC, A4, 75, 00, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcea56e0 12 bytes [48, B8, 39, CB, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefceb010c 12 bytes [48, B8, 79, C9, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcecdaa0 12 bytes [48, B8, B9, C7, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefc1b22e0 12 bytes [48, B8, F9, A2, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefc1b45f8 12 bytes [48, B8, 39, A1, A4, 75, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2572] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fefc1c3e3c 12 bytes [48, B8, B9, A4, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 0D, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff9613b1 11 bytes [B8, B9, AB, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!closesocket 000007feff9618e0 12 bytes [48, B8, F9, A9, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff961bd1 11 bytes [B8, 39, A8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff962201 11 bytes [B8, 79, F3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff9623c0 12 bytes [48, B8, 39, 8C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 79, 67, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!send + 1 000007feff968001 11 bytes [B8, 79, A6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff968df0 7 bytes [48, B8, B9, 8F, A4, 75, 00] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff968df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff96c090 12 bytes [48, B8, F9, 8D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff96de91 11 bytes [B8, 79, EC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff96df41 11 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2804] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff98e0f1 11 bytes [B8, F9, EF, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 06, A5, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, F9, 6A, A4, 75, 00, 00] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, F9, B0, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 04, A5, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 39, 38, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, F9, 2B, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 39, 85, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 39, 3F, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 0B, A5, 75] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, F9, 86, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, B9, 3B, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, 79, 2F, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, 79, 7C, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, F9, 78, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, 79, 83, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, F9, 7F, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 39, 54, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, E3, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, 79, 52, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, E1, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, 1F, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, B9, B2, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, B9, 50, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, 79, 44, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, F9, 24, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, B9, 42, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 12, A5, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, E8, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, FC, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, FD, A4, 75] .text ... * 2 .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 14, A5, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, 79, 6E, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, EC, A4, 75, 00, 00] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 39, 62, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, B9, 57, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, F9, 63, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, B9, 5E, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\System32\rundll32.exe[3240] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef35e61 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef35871 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef37459 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef357d9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef367e1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef35ef9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef373c1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef35f91 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37589 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef374f1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef36749 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef364e9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef35dc9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef363b9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36619 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef36879 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36289 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000010017f63e .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef35909 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef35a39 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef369a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef36911 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef37329 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef37751 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077293918 5 bytes JMP 000000007ef35741 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000077293cd3 5 bytes JMP 000000007ef356a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!socket 0000000077293eb8 5 bytes JMP 000000007ef36ca1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077294406 5 bytes JMP 000000007ef32139 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000077294889 5 bytes JMP 000000007ef34dc1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!recv 0000000077296b0e 5 bytes JMP 000000007ef36e69 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!connect 0000000077296bdd 1 byte JMP 000000007ef341e1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000077296bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!send 0000000077296f01 5 bytes JMP 000000007ef320a1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077297089 5 bytes JMP 000000007ef36f01 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007729cc3f 5 bytes JMP 000000007ef36dd1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007729d1ea 5 bytes JMP 000000007ef34e59 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000772a7673 5 bytes JMP 000000007ef34ef1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef34f89 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 1 byte JMP 000000007ef35c01 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076e298ff 3 bytes {JMP 0x810c304} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef37881 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef35021 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef35ad1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef35b69 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef350b9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef376b9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35449 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef37621 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef353b1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef351e9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef35c99 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35151 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 2 bytes JMP 000000007ef35281 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076e7fcd9 2 bytes [0B, 08] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35319 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef37919 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef36f99 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef36b71 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef36a41 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef370c9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37291 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef36ad9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef371f9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef37031 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef37161 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 5 bytes JMP 000000007ef379b1 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef36c09 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075dc01a9 5 bytes JMP 000000007ef34d29 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, 79, 91, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, F9, 55, A4, 75, 00, 00] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, F9, 5C, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, B9, 8F, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 39, 5B, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, F9, 71, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, B9, 73, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, B9, 5E, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, F9, 8D, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, 79, 60, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, B9, 96, A4, 75] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, 39, 69, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, F9, 94, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, 39, 70, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, B9, 6C, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, B9, 65, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, 39, 77, A4, 75, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, F9, 78, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 79, 75, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 39, 8C, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, 79, 8A, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 79, 7C, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, 79, 83, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, F9, 86, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, B9, 88, A4, 75] .text ... * 2 .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, 79, 9F, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, 79, 59, A4, 75, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, F9, 7F, A4, 75, 00, 00] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, B9, 57, A4, 75, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, F9, 4E, A4, 75, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 79, 4B, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, 39, 46, A4, 75, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 79, 44, A4, 75, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, 39, 4D, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, F9, 47, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, B9, 49, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, A1, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, B9, 81, A4, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3520] C:\Windows\system32\WS2_32.dll!connect 000007feff9645c0 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 22, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, CB, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 20, A5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, C9, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, FA, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, FC, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 1F, A5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, E1, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 27, A5, 75] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, F1, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 26, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, EE, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, FF, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 1D, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, CE, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, D0, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, CC, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, EA, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, 16, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, 03, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, 1B, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, 14, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, 18, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, 19, A5, 75] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, 39, 2D, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, 08, A5, 75, 00, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 2E, A5, 75, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3552] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, 12, A5, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 06, A5, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 04, A5, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 0B, A5, 75] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, E3, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, E1, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 12, A5, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, E8, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, FC, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, FD, A4, 75] .text ... * 2 .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 14, A5, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, EC, A4, 75, 00, 00] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3576] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef367e1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef361f1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef37dd9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef36159 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef37161 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef36879 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef37d41 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef36911 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37f09 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef37e71 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef370c9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef36e69 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef36749 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef36d39 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36f99 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef371f9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36c09 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000007ef36321 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef36289 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef363b9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef37329 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef37291 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef37ca9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef380d1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef35909 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 5 bytes JMP 000000007ef36581 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef38169 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef359a1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef36451 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef364e9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef35a39 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef38039 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35dc9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef37fa1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef35d31 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef35b69 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef36619 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35ad1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 5 bytes JMP 000000007ef35c01 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35c99 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef38201 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef37919 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef374f1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef373c1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef37a49 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37c11 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef37459 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef37b79 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef379b1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef37ae1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 5 bytes JMP 000000007ef38299 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef37589 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!closesocket 0000000077293918 5 bytes JMP 000000007ef360c1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!WSASocketW 0000000077293cd3 5 bytes JMP 000000007ef36029 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!socket 0000000077293eb8 5 bytes JMP 000000007ef37621 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!WSASend 0000000077294406 5 bytes JMP 000000007ef32139 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!GetAddrInfoW 0000000077294889 5 bytes JMP 000000007ef35741 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!recv 0000000077296b0e 5 bytes JMP 000000007ef377e9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!connect 0000000077296bdd 1 byte JMP 000000007ef341e1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!connect + 2 0000000077296bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!send 0000000077296f01 5 bytes JMP 000000007ef320a1 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!WSARecv 0000000077297089 5 bytes JMP 000000007ef37881 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!WSAConnect 000000007729cc3f 5 bytes JMP 000000007ef37751 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!GetAddrInfoExW 000000007729d1ea 5 bytes JMP 000000007ef357d9 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\WS2_32.DLL!gethostbyname 00000000772a7673 5 bytes JMP 000000007ef35871 .text C:\Program Files (x86)\ScreenShooter\screenshooter.exe[3580] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075dc01a9 5 bytes JMP 000000007ef34d29 .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 06, A5, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 04, A5, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 0B, A5, 75] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, E3, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, E1, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, F9, 12, A5, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, E8, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, FC, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, FD, A4, 75] .text ... * 2 .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 14, A5, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, EC, A4, 75, 00, 00] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\igfxsrvc.exe[3612] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef35e61 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef35871 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef37459 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef357d9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef367e1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef35ef9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef373c1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef35f91 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37589 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef374f1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef36749 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef364e9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef35dc9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef363b9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36619 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef36879 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36289 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000007ef359a1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef35909 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef35a39 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef369a9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef36911 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef37329 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef37751 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef377e9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef36f99 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef34f89 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 1 byte JMP 000000007ef35c01 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076e298ff 3 bytes {JMP 0x810c304} .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef37881 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef35021 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef35ad1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef35b69 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef350b9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef376b9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35449 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef37621 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef353b1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef351e9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef35c99 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35151 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 2 bytes JMP 000000007ef35281 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076e7fcd9 2 bytes [0B, 08] .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35319 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef36b71 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef36a41 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef370c9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37291 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef36ad9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef371f9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef37031 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef37161 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 5 bytes JMP 000000007ef37919 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef36c09 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077293918 5 bytes JMP 000000007ef35741 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000077293cd3 5 bytes JMP 000000007ef356a9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!socket 0000000077293eb8 5 bytes JMP 000000007ef36ca1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077294406 5 bytes JMP 000000007ef32139 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000077294889 5 bytes JMP 000000007ef34dc1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!recv 0000000077296b0e 5 bytes JMP 000000007ef36e69 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!connect 0000000077296bdd 1 byte JMP 000000007ef341e1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000077296bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!send 0000000077296f01 5 bytes JMP 000000007ef320a1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077297089 5 bytes JMP 000000007ef36f01 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007729cc3f 5 bytes JMP 000000007ef36dd1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007729d1ea 5 bytes JMP 000000007ef34e59 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000772a7673 5 bytes JMP 000000007ef34ef1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe[4180] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000075dc01a9 5 bytes JMP 000000007ef34d29 .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 06, A5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 04, A5, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 0B, A5, 75] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, E3, A4, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, E1, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[4404] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef35e61 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef35871 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef37459 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef357d9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef367e1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef35ef9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef373c1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef35f91 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37589 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef374f1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef36749 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef364e9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef35dc9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef363b9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36619 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef36879 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36289 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000007ef359a1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef35909 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef35a39 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef369a9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef36911 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef37329 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef37751 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef377e9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef36f99 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef34f89 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 1 byte JMP 000000007ef35c01 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076e298ff 3 bytes {JMP 0x810c304} .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef37881 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef35021 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef35ad1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef35b69 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef350b9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef376b9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35449 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef37621 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef353b1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef351e9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef35c99 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35151 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 2 bytes JMP 000000007ef35281 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076e7fcd9 2 bytes [0B, 08] .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35319 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef36b71 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef36a41 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef370c9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37291 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef36ad9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef371f9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef37031 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef37161 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 5 bytes JMP 000000007ef37919 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef36c09 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077293918 5 bytes JMP 000000007ef35741 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000077293cd3 5 bytes JMP 000000007ef356a9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!socket 0000000077293eb8 5 bytes JMP 000000007ef36ca1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077294406 5 bytes JMP 000000007ef32139 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000077294889 5 bytes JMP 000000007ef34dc1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!recv 0000000077296b0e 5 bytes JMP 000000007ef36e69 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!connect 0000000077296bdd 1 byte JMP 000000007ef341e1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000077296bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!send 0000000077296f01 5 bytes JMP 000000007ef320a1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077297089 5 bytes JMP 000000007ef36f01 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007729cc3f 5 bytes JMP 000000007ef36dd1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007729d1ea 5 bytes JMP 000000007ef34e59 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000772a7673 5 bytes JMP 000000007ef34ef1 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[2964] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000075dc01a9 5 bytes JMP 000000007ef34d29 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef367e1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef361f1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef37dd9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef36159 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef37161 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef36879 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef37d41 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef36911 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37f09 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef37e71 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef370c9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef36e69 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef36749 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef36d39 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36f99 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef371f9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36c09 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000007ef36321 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef36289 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef363b9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef37329 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef37291 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef37ca9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef380d1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef38169 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef37919 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef35909 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 5 bytes JMP 000000007ef36581 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef38201 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef359a1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef36451 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef364e9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef35a39 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef38039 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35dc9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef37fa1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef35d31 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef35b69 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef36619 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35ad1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 5 bytes JMP 000000007ef35c01 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35c99 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef374f1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef373c1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef37a49 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37c11 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef37459 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef37b79 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef379b1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef37ae1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 5 bytes JMP 000000007ef38299 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef37589 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077293918 5 bytes JMP 000000007ef360c1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000077293cd3 5 bytes JMP 000000007ef36029 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!socket 0000000077293eb8 5 bytes JMP 000000007ef37621 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077294406 5 bytes JMP 000000007ef32139 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000077294889 5 bytes JMP 000000007ef35741 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!recv 0000000077296b0e 5 bytes JMP 000000007ef377e9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!connect 0000000077296bdd 1 byte JMP 000000007ef341e1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000077296bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!send 0000000077296f01 5 bytes JMP 000000007ef320a1 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077297089 5 bytes JMP 000000007ef37881 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007729cc3f 5 bytes JMP 000000007ef37751 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007729d1ea 5 bytes JMP 000000007ef357d9 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000772a7673 5 bytes JMP 000000007ef35871 .text C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe[4232] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000075dc01a9 5 bytes JMP 000000007ef34d29 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef367e1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef361f1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef37dd9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef36159 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef37161 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef36879 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef37d41 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef36911 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37f09 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef37e71 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef370c9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef36e69 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef36749 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef36d39 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36f99 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef371f9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36c09 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000007ef36321 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef36289 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef363b9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef37329 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef37291 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef37ca9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef374f1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef373c1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef37a49 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37c11 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef37459 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef37b79 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef379b1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef37ae1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 5 bytes JMP 000000007ef380d1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef37589 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef38169 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef38201 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef37919 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef35909 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 5 bytes JMP 000000007ef36581 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef38299 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef359a1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef36451 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef364e9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef35a39 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef38039 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35dc9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef37fa1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef35d31 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef35b69 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef36619 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35ad1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 5 bytes JMP 000000007ef35c01 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35c99 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077293918 5 bytes JMP 000000007ef360c1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000077293cd3 5 bytes JMP 000000007ef36029 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!socket 0000000077293eb8 5 bytes JMP 000000007ef37621 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077294406 5 bytes JMP 000000007ef32139 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000077294889 5 bytes JMP 000000007ef35741 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!recv 0000000077296b0e 5 bytes JMP 000000007ef377e9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!connect 0000000077296bdd 1 byte JMP 000000007ef341e1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000077296bdf 3 bytes {CALL RBP} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!send 0000000077296f01 5 bytes JMP 000000007ef320a1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077297089 5 bytes JMP 000000007ef37881 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007729cc3f 5 bytes JMP 000000007ef37751 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007729d1ea 5 bytes JMP 000000007ef357d9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000772a7673 5 bytes JMP 000000007ef35871 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 0000000075c52b50 5 bytes JMP 000000007ef383c9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 0000000075c91130 5 bytes JMP 000000007ef34149 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000075c91910 5 bytes JMP 000000007ef321d1 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000075d0e7a0 5 bytes JMP 000000007ef32ab9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000075dc01a9 5 bytes JMP 000000007ef34d29 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 75abb20b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 75abb336 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 75b38f39 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 75a94885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 75b38832 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 75b38728 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 75b38af2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 75ab68df C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 75b38b52 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 75b386ec C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 75b38681 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef367e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef361f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef37dd9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef36159 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef37161 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef36879 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef37d41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef36911 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37f09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef37e71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef370c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef36e69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef36749 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef36d39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36f99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef371f9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36c09 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000007ef36321 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef36289 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef363b9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef37329 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef37291 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef37ca9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef35909 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 5 bytes JMP 000000007ef36581 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef380d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef359a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef36451 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef364e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef35a39 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef38039 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35dc9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef37fa1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef35d31 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef35b69 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef36619 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35ad1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 5 bytes JMP 000000007ef35c01 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35c99 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef38169 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef37919 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef38201 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef374f1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef373c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef37a49 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37c11 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef37459 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef37b79 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef379b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef37ae1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 5 bytes JMP 000000007ef38299 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef37589 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077293918 5 bytes JMP 000000007ef360c1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000077293cd3 5 bytes JMP 000000007ef36029 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!socket 0000000077293eb8 5 bytes JMP 000000007ef37621 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077294406 5 bytes JMP 000000007ef32139 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000077294889 5 bytes JMP 000000007ef35741 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!recv 0000000077296b0e 5 bytes JMP 000000007ef377e9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!connect 0000000077296bdd 1 byte JMP 000000007ef341e1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000077296bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!send 0000000077296f01 5 bytes JMP 000000007ef320a1 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077297089 5 bytes JMP 000000007ef37881 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007729cc3f 5 bytes JMP 000000007ef37751 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007729d1ea 5 bytes JMP 000000007ef357d9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000772a7673 5 bytes JMP 000000007ef35871 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 75abb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 75abb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 75b38f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 75a94885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 75b38832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 75b38a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 75b38728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 75b38af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 75aafc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 75ab68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 75b38ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 75b38b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 75b386ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 75aafd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 75abb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 75b38eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 75b38681 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, F9, 04, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 79, 01, A5, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 79, 08, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, F9, E1, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, B9, E3, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, 39, E0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, 39, F5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, F9, FD, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, 39, FC, A4, 75] .text ... * 2 .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 0D, A5, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, B9, EA, A4, 75, 00, 00] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\svchost.exe[3692] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 0000000077af85e1 11 bytes [B8, B9, 06, A5, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077b06921 7 bytes [B8, 39, 69, A4, 75, 00, 00] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 0000000077b0692a 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077b1daa0 6 bytes [48, B8, 79, C2, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077b1daa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077b1db70 6 bytes [48, B8, 39, AF, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077b1db78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077b1dbc0 6 bytes [48, B8, F9, 04, A5, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 0000000077b1dbc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b1dc10 6 bytes [48, B8, F9, 32, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077b1dc18 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077b1dc30 6 bytes [48, B8, 39, 1C, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077b1dc38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077b1dc50 6 bytes [48, B8, F9, 1D, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077b1dc58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b1dc70 6 bytes [48, B8, 79, AD, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077b1dc78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b1dd50 6 bytes [48, B8, 79, 2F, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077b1dd58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b1dd70 6 bytes [48, B8, 79, 36, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077b1dd78 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077b1ddc0 6 bytes [48, B8, 79, DE, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 0000000077b1ddc8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077b1de00 6 bytes [48, B8, B9, 34, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077b1de08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b1de80 6 bytes [48, B8, 39, 2A, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077b1de88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b1de90 6 bytes [48, B8, B9, 26, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077b1de98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077b1df00 6 bytes [48, B8, 39, E0, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077b1df08 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b1e3d0 6 bytes [48, B8, 79, 28, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077b1e3d8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b1e430 6 bytes [48, B8, F9, 24, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077b1e438 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b1e7a0 6 bytes [48, B8, 39, C4, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077b1e7a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077b1e970 6 bytes [48, B8, 39, 03, A5, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077b1e978 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077b1ece0 6 bytes [48, B8, 79, 83, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077b1ece8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b1eee0 6 bytes [48, B8, 39, 31, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077b1eee8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b1f0a0 6 bytes [48, B8, F9, C5, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077b1f0a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b1f180 6 bytes [48, B8, 79, 3D, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077b1f188 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b1f190 6 bytes [48, B8, B9, 3B, A4, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077b1f198 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b1f280 6 bytes [48, B8, F9, 0B, A5, 75] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077b1f288 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077b8f0c1 11 bytes [B8, 39, 85, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000779b1b21 11 bytes [B8, B9, C0, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000779b1c10 12 bytes [48, B8, F9, 39, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000779b2b61 8 bytes [B8, B9, D5, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000779b2b6a 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000779cdb10 12 bytes [48, B8, B9, 2D, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000779d0951 11 bytes [B8, 39, 0A, A5, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077a052c1 11 bytes [B8, B9, 7A, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077a052e1 11 bytes [B8, 39, 77, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077a1a630 12 bytes [48, B8, B9, 81, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077a1a740 12 bytes [48, B8, 39, 7E, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000077a3f4e1 11 bytes [B8, B9, DC, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000077a3f6e1 11 bytes [B8, 39, D9, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000077a3f711 8 bytes [B8, 39, D2, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000077a3f71a 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd951861 11 bytes [B8, 79, 52, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd9530f1 11 bytes [B8, 39, B6, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd954a20 12 bytes [48, B8, B9, E3, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd955501 11 bytes [B8, 79, E5, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd9585b0 12 bytes [48, B8, B9, 50, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd9590a1 11 bytes [B8, F9, E1, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd95a881 11 bytes [B8, 79, 01, A5, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd95ac50 12 bytes [48, B8, B9, B2, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd95b2c1 11 bytes [B8, 79, B4, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd95cec1 11 bytes [B8, F9, B0, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd963c71 11 bytes [B8, F9, 4E, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd984300 12 bytes [48, B8, B9, 42, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd990bc1 11 bytes [B8, B9, CE, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd992821 8 bytes [B8, 39, 23, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd99282a 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd992861 11 bytes [B8, F9, 40, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007feff8fb031 11 bytes [B8, 39, 11, A5, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007feff929209 11 bytes [B8, F9, F6, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefe00ae81 11 bytes [B8, 79, FA, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefe00aee1 11 bytes [B8, 39, E7, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefe00e6e9 11 bytes [B8, B9, FF, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefe01048d 11 bytes [B8, F9, E8, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefe010579 11 bytes [B8, B9, F8, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefe0105b1 11 bytes [B8, 39, FC, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007fefe0105f9 5 bytes [B8, F9, FD, A4, 75] .text ... * 2 .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe024e21 11 bytes [B8, B9, 14, A5, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe025538 12 bytes [48, B8, B9, 6C, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefe03b9c1 7 bytes [B8, 79, EC, A4, 75, 00, 00] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefe03b9ca 2 bytes [50, C3] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe03ba4c 12 bytes [48, B8, F9, 6A, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe03bbc0 12 bytes [48, B8, 79, 60, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe03bc2c 12 bytes [48, B8, B9, 5E, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefe88642d 11 bytes [B8, 39, 5B, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefe886484 12 bytes [48, B8, F9, 55, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefe886519 11 bytes [B8, 39, 62, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefe886c34 12 bytes [48, B8, 39, 54, A4, 75, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefe887ab5 11 bytes [B8, F9, 5C, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefe888b01 11 bytes [B8, B9, 57, A4, 75, 00, 00, ...] .text C:\Windows\system32\DllHost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefe888c39 11 bytes [B8, 79, 59, A4, 75, 00, 00, ...] .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 0000000077ccf930 5 bytes JMP 000000007ef36911 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077ccfa20 5 bytes JMP 000000007ef35e61 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077ccfb68 5 bytes JMP 000000007ef35871 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 0000000077ccfbe8 5 bytes JMP 000000007ef374f1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077ccfc60 5 bytes JMP 000000007ef331d9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077ccfc90 5 bytes JMP 000000007ef315f1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077ccfcc0 5 bytes JMP 000000007ef31689 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077ccfcf0 5 bytes JMP 000000007ef357d9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077ccfe54 5 bytes JMP 000000007ef330a9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077ccfe84 5 bytes JMP 000000007ef33309 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077ccff00 5 bytes JMP 000000007ef367e1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077ccff64 5 bytes JMP 000000007ef33271 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cd002c 5 bytes JMP 000000007ef32ee1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077cd0044 5 bytes JMP 000000007ef32db1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077cd00f4 5 bytes JMP 000000007ef31ed9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077cd0204 5 bytes JMP 000000007ef32301 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cd0854 5 bytes JMP 000000007ef32e49 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077cd08e4 5 bytes JMP 000000007ef32d19 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077cd0e34 5 bytes JMP 000000007ef35ef9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 0000000077cd1100 5 bytes JMP 000000007ef37459 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077cd1644 5 bytes JMP 000000007ef34ac9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cd1960 5 bytes JMP 000000007ef33141 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077cd1c24 5 bytes JMP 000000007ef35f91 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077cd1d94 5 bytes JMP 000000007ef33439 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077cd1db0 5 bytes JMP 000000007ef333a1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077cd1f28 5 bytes JMP 000000007ef37621 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ce28e4 5 bytes JMP 000000007ef31ab1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 0000000077ce8e61 5 bytes JMP 000000007ef37589 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077d10eab 5 bytes JMP 000000007ef32009 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077d58b7f 5 bytes JMP 000000007ef34b61 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077d5ee1b 5 bytes JMP 000000007ef31f71 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000075a90e00 5 bytes JMP 000000007ef31da9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075a91072 5 bytes JMP 000000007ef32a21 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075a94977 5 bytes JMP 000000007ef325f9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075aa3b93 5 bytes JMP 000000007ef33011 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075aa9a8c 5 bytes JMP 000000007ef36749 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075aa9aed 5 bytes JMP 000000007ef364e9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000075ab7317 5 bytes JMP 000000007ef32729 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000075ab88ca 5 bytes JMP 000000007ef35dc9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000075abccb1 5 bytes JMP 000000007ef363b9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075abccd1 5 bytes JMP 000000007ef36619 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075b13061 5 bytes JMP 000000007ef328f1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000075b3752b 5 bytes JMP 000000007ef346a1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000075b3754e 5 bytes JMP 000000007ef347d1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075b378f9 5 bytes JMP 000000007ef34901 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075b37972 5 bytes JMP 000000007ef34a31 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a38f8d 5 bytes JMP 000000007ef31a19 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a3c436 5 bytes JMP 000000007ef33b59 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 0000000075a3d0af 5 bytes JMP 000000007ef36879 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a3eca6 5 bytes JMP 000000007ef33601 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a3f206 5 bytes JMP 000000007ef32399 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a3fa89 5 bytes JMP 000000007ef31e41 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075a3fbb7 5 bytes JMP 000000007ef36289 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a41358 5 bytes JMP 000000007ef33ac1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a4137f 5 bytes JMP 000000007ef33a29 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a41d29 5 bytes JMP 000000007ef31981 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a41e15 5 bytes JMP 000000007ef324c9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a42ab1 5 bytes JMP 000000007ef359a1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a42cdf 5 bytes JMP 000000007ef35909 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a42d1d 5 bytes JMP 000000007ef35a39 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a42e80 5 bytes JMP 000000007ef318e9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a43b76 5 bytes JMP 000000007ef32269 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a4449c 5 bytes JMP 000000007ef32431 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a4460e 5 bytes JMP 000000007ef33569 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a44637 5 bytes JMP 000000007ef32c81 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075a4a217 5 bytes JMP 000000007ef36a41 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075a4a500 5 bytes JMP 000000007ef369a9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a4c73a 5 bytes JMP 000000007ef327c1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075a4e2a4 5 bytes JMP 000000007ef373c1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075698e89 5 bytes JMP 000000007ef36c09 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075699179 5 bytes JMP 000000007ef36ad9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075699186 5 bytes JMP 000000007ef37161 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 000000007569c4d2 5 bytes JMP 000000007ef37329 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007569c9ec 5 bytes JMP 000000007ef33c89 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 000000007569deb4 5 bytes JMP 000000007ef36b71 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 000000007569ded6 5 bytes JMP 000000007ef37291 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 000000007569deee 5 bytes JMP 000000007ef370c9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 000000007569df1e 5 bytes JMP 000000007ef371f9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000756a2b50 5 bytes JMP 000000007ef33bf1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000756a35fc 5 bytes JMP 000000007ef340b1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000756a494d 5 bytes JMP 000000007ef377e9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000756b714c 5 bytes JMP 000000007ef34311 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000756b7164 5 bytes JMP 000000007ef33e51 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000756b717c 5 bytes JMP 000000007ef33ee9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000756b77c3 5 bytes JMP 000000007ef36ca1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000756d3384 5 bytes JMP 000000007ef33f81 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000756d3394 5 bytes JMP 000000007ef34019 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000756d33a4 5 bytes JMP 000000007ef33d21 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000756d33b4 5 bytes JMP 000000007ef33db9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000756d33f4 5 bytes JMP 000000007ef34279 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000075b9a472 5 bytes JMP 000000007ef37881 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000075ba27ce 5 bytes JMP 000000007ef31be1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000075bae6cf 5 bytes JMP 000000007ef31b49 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076b4633b 5 bytes JMP 000000007ef37919 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076b740e9 5 bytes JMP 000000007ef37031 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076e278e2 5 bytes JMP 000000007ef34441 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076e27bd3 5 bytes JMP 000000007ef343a9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e28a29 5 bytes JMP 000000007ef34f89 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076e298fd 1 byte JMP 000000007ef35c01 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076e298ff 3 bytes {JMP 0x810c304} .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076e2b6ed 5 bytes JMP 000000007ef379b1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076e2d22e 5 bytes JMP 000000007ef35021 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076e2ee09 5 bytes JMP 000000007ef334d1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076e2ffe6 5 bytes JMP 000000007ef35ad1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076e300d9 5 bytes JMP 000000007ef35b69 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076e305ba 5 bytes JMP 000000007ef34571 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076e30dfb 5 bytes JMP 000000007ef350b9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076e312a5 5 bytes JMP 000000007ef37751 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076e320ec 5 bytes JMP 000000007ef35449 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076e33baa 5 bytes JMP 000000007ef376b9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076e35f74 5 bytes JMP 000000007ef344d9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076e36285 5 bytes JMP 000000007ef34bf9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076e37603 5 bytes JMP 000000007ef32be9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076e37aee 5 bytes JMP 000000007ef353b1 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076e3835c 5 bytes JMP 000000007ef32b51 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076e4ce54 5 bytes JMP 000000007ef351e9 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076e4f52b 5 bytes JMP 000000007ef34c91 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076e4f588 5 bytes JMP 000000007ef35c99 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076e510a0 5 bytes JMP 000000007ef35151 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076e7fcd6 2 bytes JMP 000000007ef35281 .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076e7fcd9 2 bytes [0B, 08] .text C:\Users\Ziggy\Desktop\6d96ye29.exe[4244] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076e7fcfa 5 bytes JMP 000000007ef35319 ---- EOF - GMER 2.1 ----