GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-16 20:58:54 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB Running: gmer.exe; Driver: C:\Users\Primol\AppData\Local\Temp\awrdipob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000742c451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000742c4b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000742c4bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000742c4f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000742c4f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000742c9054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000742cadf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000742e52e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000742e535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000742e59cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000742e5a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000742e5ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000742e5b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000742e5bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000742e5bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000742e5c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000742e5c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[1524] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefe9bde90 5 bytes JMP 000007fffe890110 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 11 bytes JMP 000007fffe8900d8 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveOutClose 000007fefa0136ac 5 bytes JMP 000007fefe8901f0 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fefa013770 5 bytes JMP 000007fefe890298 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fefe8901b8 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fefa013ca4 5 bytes JMP 000007fefe890260 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fefa013d40 5 bytes JMP 000007fefe890228 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveInOpen 000007fefa017fe0 7 bytes JMP 000007fefe890378 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa01a38c 5 bytes JMP 000007fefe8902d0 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fefa0349f0 5 bytes JMP 000007fefe890308 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fefa034ab0 5 bytes JMP 000007fefe890340 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveInClose 000007fefa0352e0 5 bytes JMP 000007fefe8903b0 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fefa0353c0 5 bytes JMP 000007fefe890490 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fefa035454 5 bytes JMP 000007fefe8904c8 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fefa035514 5 bytes JMP 000007fefe890500 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveInStart 000007fefa0355a4 6 bytes JMP 000007fefe8903e8 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveInStop 000007fefa0355e4 6 bytes JMP 000007fefe890420 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveInReset 000007fefa035624 5 bytes JMP 000007fefe890458 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fefa03567c 5 bytes JMP 000007fefe890538 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef4bb6944 7 bytes JMP 000007fefe890180 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef4bd5a84 7 bytes JMP 000007fefe890148 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef4bd5b90 7 bytes JMP 000007fefe890570 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef4bd5c94 7 bytes JMP 000007fefe8905a8 .text C:\Windows\system\HsMgr64.exe[1608] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef4bd5da8 5 bytes JMP 000007fefe8905e0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077811401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077811419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077811431 2 bytes JMP 773b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007781144a 2 bytes CALL 7731489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778114dd 2 bytes JMP 773b8822 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778114f5 2 bytes JMP 773b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007781150d 2 bytes JMP 773b8718 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077811525 2 bytes JMP 773b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007781153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077811555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007781156d 2 bytes JMP 773b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077811585 2 bytes JMP 773b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007781159d 2 bytes JMP 773b86dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778115b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778115cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778116b2 2 bytes JMP 773b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778116bd 2 bytes JMP 773b8671 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000011000a4d0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000011000a630 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000742c451e 5 bytes JMP 000000011000ab40 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000742c4b6d 5 bytes JMP 000000011000abb0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000742c4bf2 5 bytes JMP 000000011000ac90 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000742c4f0f 5 bytes JMP 000000011000ac50 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000742c4f7b 5 bytes JMP 000000011000ac10 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000742c9054 5 bytes JMP 000000011000ad10 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000742cadf9 5 bytes JMP 000000011000abe0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000742e52e8 5 bytes JMP 000000011000acd0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000742e535f 5 bytes JMP 000000011000acf0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000742e59cc 5 bytes JMP 000000011000ae40 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000742e5a6a 5 bytes JMP 000000011000aec0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000742e5ad7 5 bytes JMP 000000011000af00 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000742e5b5b 5 bytes JMP 000000011000af40 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000742e5bba 5 bytes JMP 000000011000af80 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000742e5bee 5 bytes JMP 000000011000b000 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000742e5c22 5 bytes JMP 000000011000b060 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000742e5c67 5 bytes JMP 000000011000b0d0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000011000a690 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000011000a770 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000011000a990 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[1728] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000011000aa80 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077811401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077811419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077811431 2 bytes JMP 773b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007781144a 2 bytes CALL 7731489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778114dd 2 bytes JMP 773b8822 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778114f5 2 bytes JMP 773b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007781150d 2 bytes JMP 773b8718 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077811525 2 bytes JMP 773b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007781153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077811555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007781156d 2 bytes JMP 773b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077811585 2 bytes JMP 773b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007781159d 2 bytes JMP 773b86dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778115b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778115cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778116b2 2 bytes JMP 773b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778116bd 2 bytes JMP 773b8671 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000011000a4d0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000011000a630 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000742c451e 5 bytes JMP 000000011000ab40 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000742c4b6d 5 bytes JMP 000000011000abb0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000742c4bf2 5 bytes JMP 000000011000ac90 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000742c4f0f 5 bytes JMP 000000011000ac50 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000742c4f7b 5 bytes JMP 000000011000ac10 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000742c9054 5 bytes JMP 000000011000ad10 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000742cadf9 5 bytes JMP 000000011000abe0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000742e52e8 5 bytes JMP 000000011000acd0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000742e535f 5 bytes JMP 000000011000acf0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000742e59cc 5 bytes JMP 000000011000ae40 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000742e5a6a 5 bytes JMP 000000011000aec0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000742e5ad7 5 bytes JMP 000000011000af00 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000742e5b5b 5 bytes JMP 000000011000af40 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000742e5bba 5 bytes JMP 000000011000af80 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000742e5bee 5 bytes JMP 000000011000b000 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000742e5c22 5 bytes JMP 000000011000b060 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000742e5c67 5 bytes JMP 000000011000b0d0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000011000a690 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000011000a770 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000011000a990 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2132] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000011000aa80 .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000011000a4d0 .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000011000a630 .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000011000a690 .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000011000a770 .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000011000a8a0 .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000011000a990 .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000011000aa80 .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077811401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077811419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077811431 2 bytes JMP 773b8f29 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007781144a 2 bytes CALL 7731489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778114dd 2 bytes JMP 773b8822 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778114f5 2 bytes JMP 773b89f8 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007781150d 2 bytes JMP 773b8718 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077811525 2 bytes JMP 773b8ae2 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007781153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077811555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007781156d 2 bytes JMP 773b8fe3 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077811585 2 bytes JMP 773b8b42 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007781159d 2 bytes JMP 773b86dc C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778115b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778115cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778116b2 2 bytes JMP 773b8ea4 C:\Windows\syswow64\kernel32.dll .text D:\Gmail Notifier\gnotify.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778116bd 2 bytes JMP 773b8671 C:\Windows\syswow64\kernel32.dll .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000011000a4d0 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000011000a630 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000742c451e 5 bytes JMP 000000011000ab40 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000742c4b6d 5 bytes JMP 000000011000abb0 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000742c4bf2 5 bytes JMP 000000011000ac90 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000742c4f0f 5 bytes JMP 000000011000ac50 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000742c4f7b 5 bytes JMP 000000011000ac10 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000742c9054 5 bytes JMP 000000011000ad10 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000742cadf9 5 bytes JMP 000000011000abe0 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000742e52e8 5 bytes JMP 000000011000acd0 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000742e535f 5 bytes JMP 000000011000acf0 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000742e59cc 5 bytes JMP 000000011000ae40 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000742e5a6a 5 bytes JMP 000000011000aec0 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000742e5ad7 5 bytes JMP 000000011000af00 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000742e5b5b 5 bytes JMP 000000011000af40 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000742e5bba 5 bytes JMP 000000011000af80 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000742e5bee 5 bytes JMP 000000011000b000 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000742e5c22 5 bytes JMP 000000011000b060 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000742e5c67 5 bytes JMP 000000011000b0d0 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000011000a690 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000011000a770 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000011000a8a0 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000011000a990 .text D:\DeathAdderBlackEdition\razerhid.exe[2460] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2520] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000010069a4d0 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2520] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000010069a630 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2520] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000010069a690 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2520] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000010069a770 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2520] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000010069a8a0 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2520] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000010069a990 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2520] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000010069aa80 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000742c451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000742c4b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000742c4bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000742c4f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000742c4f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000742c9054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000742cadf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000742e52e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000742e535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000742e59cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000742e5a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000742e5ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000742e5b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000742e5bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000742e5bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000742e5c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000742e5c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077811401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077811419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077811431 2 bytes JMP 773b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007781144a 2 bytes CALL 7731489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778114dd 2 bytes JMP 773b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778114f5 2 bytes JMP 773b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007781150d 2 bytes JMP 773b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077811525 2 bytes JMP 773b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007781153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077811555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007781156d 2 bytes JMP 773b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077811585 2 bytes JMP 773b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007781159d 2 bytes JMP 773b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778115b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778115cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778116b2 2 bytes JMP 773b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778116bd 2 bytes JMP 773b8671 C:\Windows\syswow64\kernel32.dll .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[2588] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 00000001004ea4d0 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[2588] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 00000001004ea630 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[2588] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 00000001004ea690 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[2588] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 00000001004ea770 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[2588] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 00000001004ea8a0 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[2588] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 00000001004ea990 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[2588] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 00000001004eaa80 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000011000a4d0 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000011000a630 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000742c451e 5 bytes JMP 000000011000ab40 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000742c4b6d 5 bytes JMP 000000011000abb0 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000742c4bf2 5 bytes JMP 000000011000ac90 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000742c4f0f 5 bytes JMP 000000011000ac50 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000742c4f7b 5 bytes JMP 000000011000ac10 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000742c9054 5 bytes JMP 000000011000ad10 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000742cadf9 5 bytes JMP 000000011000abe0 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000742e52e8 5 bytes JMP 000000011000acd0 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000742e535f 5 bytes JMP 000000011000acf0 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000742e59cc 5 bytes JMP 000000011000ae40 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000742e5a6a 5 bytes JMP 000000011000aec0 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000742e5ad7 5 bytes JMP 000000011000af00 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000742e5b5b 5 bytes JMP 000000011000af40 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000742e5bba 5 bytes JMP 000000011000af80 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000742e5bee 5 bytes JMP 000000011000b000 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000742e5c22 5 bytes JMP 000000011000b060 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000742e5c67 5 bytes JMP 000000011000b0d0 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000011000a690 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000011000a770 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000011000a8a0 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000011000a990 .text D:\DeathAdderBlackEdition\razertra.exe[2604] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 00000001002aa4d0 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 00000001002aa630 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 00000001002aa690 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 00000001002aa770 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 00000001002aa8a0 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 00000001002aa990 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 00000001002aaa80 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077811401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077811419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077811431 2 bytes JMP 773b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007781144a 2 bytes CALL 7731489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778114dd 2 bytes JMP 773b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778114f5 2 bytes JMP 773b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007781150d 2 bytes JMP 773b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077811525 2 bytes JMP 773b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007781153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077811555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007781156d 2 bytes JMP 773b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077811585 2 bytes JMP 773b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007781159d 2 bytes JMP 773b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778115b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778115cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778116b2 2 bytes JMP 773b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778116bd 2 bytes JMP 773b8671 C:\Windows\syswow64\kernel32.dll .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000742c451e 5 bytes JMP 000000011000ab40 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000742c4b6d 5 bytes JMP 000000011000abb0 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000742c4bf2 5 bytes JMP 000000011000ac90 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000742c4f0f 5 bytes JMP 000000011000ac50 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000742c4f7b 5 bytes JMP 000000011000ac10 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000742c9054 5 bytes JMP 000000011000ad10 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000742cadf9 5 bytes JMP 000000011000abe0 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000742e52e8 5 bytes JMP 000000011000acd0 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000742e535f 5 bytes JMP 000000011000acf0 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000742e59cc 5 bytes JMP 000000011000ae40 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000742e5a6a 5 bytes JMP 000000011000aec0 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000742e5ad7 5 bytes JMP 000000011000af00 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000742e5b5b 5 bytes JMP 000000011000af40 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000742e5bba 5 bytes JMP 000000011000af80 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000742e5bee 5 bytes JMP 000000011000b000 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000742e5c22 5 bytes JMP 000000011000b060 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000742e5c67 5 bytes JMP 000000011000b0d0 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000011000a690 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000011000a770 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000011000a8a0 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000011000a990 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000011000aa80 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000011000a4d0 .text D:\DeathAdderBlackEdition\razerofa.exe[2692] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000011000a630 .text D:\DeathAdderBlackEdition\vdDaemon.exe[2776] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000011000a4d0 .text D:\DeathAdderBlackEdition\vdDaemon.exe[2776] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000011000a630 .text D:\DeathAdderBlackEdition\vdDaemon.exe[2776] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000011000a690 .text D:\DeathAdderBlackEdition\vdDaemon.exe[2776] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000011000a770 .text D:\DeathAdderBlackEdition\vdDaemon.exe[2776] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000011000a8a0 .text D:\DeathAdderBlackEdition\vdDaemon.exe[2776] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000011000a990 .text D:\DeathAdderBlackEdition\vdDaemon.exe[2776] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000011000aa80 .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 000000006c3f17fa 2 bytes CALL 773111a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 000000006c3f1860 2 bytes CALL 773111a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 000000006c3f1942 2 bytes JMP 76c17089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000006c3f194d 2 bytes JMP 76c1cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077811401 2 bytes JMP 7733b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077811419 2 bytes JMP 7733b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077811431 2 bytes JMP 773b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007781144a 2 bytes CALL 7731489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778114dd 2 bytes JMP 773b8822 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778114f5 2 bytes JMP 773b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007781150d 2 bytes JMP 773b8718 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077811525 2 bytes JMP 773b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007781153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077811555 2 bytes JMP 773368ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007781156d 2 bytes JMP 773b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077811585 2 bytes JMP 773b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007781159d 2 bytes JMP 773b86dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778115b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778115cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778116b2 2 bytes JMP 773b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778116bd 2 bytes JMP 773b8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077811401 2 bytes JMP 7733b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077811419 2 bytes JMP 7733b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077811431 2 bytes JMP 773b8f29 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007781144a 2 bytes CALL 7731489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778114dd 2 bytes JMP 773b8822 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778114f5 2 bytes JMP 773b89f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007781150d 2 bytes JMP 773b8718 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077811525 2 bytes JMP 773b8ae2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007781153d 2 bytes JMP 7732fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077811555 2 bytes JMP 773368ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007781156d 2 bytes JMP 773b8fe3 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077811585 2 bytes JMP 773b8b42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007781159d 2 bytes JMP 773b86dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778115b5 2 bytes JMP 7732fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778115cd 2 bytes JMP 7733b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778116b2 2 bytes JMP 773b8ea4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778116bd 2 bytes JMP 773b8671 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 6 bytes [48, B8, A8, 15, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 6 bytes [48, B8, 50, 14, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 6 bytes [48, B8, 64, 0F, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 6 bytes [48, B8, D8, 0C, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 6 bytes [48, B8, 64, 11, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 6 bytes [48, B8, 28, 06, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 6 bytes [48, B8, 04, 05, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 6 bytes [48, B8, 94, 0B, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 6 bytes [48, B8, 14, 16, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 6 bytes [48, B8, 00, 0D, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 6 bytes [48, B8, DC, 04, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 6 bytes [48, B8, 34, 13, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 6 bytes [48, B8, 50, 06, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 6 bytes [48, B8, 94, 07, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 6 bytes [48, B8, C4, 0D, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 6 bytes [48, B8, 04, 09, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 6 bytes [48, B8, 50, 0A, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 6 bytes [48, B8, A8, 10, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 6 bytes [48, B8, A8, 15, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 6 bytes [48, B8, E0, 15, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 6 bytes [48, B8, 6C, 07, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 6 bytes [48, B8, DC, 08, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 6 bytes [48, B8, 28, 0A, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 6 bytes [48, B8, B8, 04, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 6 bytes [48, B8, 6C, 0B, F8, 01] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 5 bytes [48, B8, 4C, 12, F8] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x1f81734; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, C8, 16, F8, 01, 00, 00, ...] .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x1f82a40; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x1f817b4; JMP RAX} .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\conhost.exe[9056] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 5 bytes [48, B8, C8, C2, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 5 bytes [48, B8, 70, C1, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 5 bytes [48, B8, 84, BC, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 5 bytes [48, B8, F8, B9, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 5 bytes [48, B8, 84, BE, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 5 bytes [48, B8, 48, B3, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 5 bytes [48, B8, 24, B2, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 3 bytes [48, B8, B4] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 00000000776ae054 1 byte [39] .text ... * 2 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 5 bytes [48, B8, 34, C3, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 5 bytes [48, B8, 20, BA, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 5 bytes [48, B8, FC, B1, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 5 bytes [48, B8, 54, C0, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 5 bytes [48, B8, 70, B3, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 5 bytes [48, B8, B4, B4, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 5 bytes [48, B8, E4, BA, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 5 bytes [48, B8, 24, B6, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 5 bytes [48, B8, 70, B7, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 5 bytes [48, B8, C8, BD, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 5 bytes [48, B8, C8, C2, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 5 bytes [48, B8, 00, C3, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 5 bytes [48, B8, 8C, B4, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 5 bytes [48, B8, FC, B5, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 5 bytes [48, B8, 48, B7, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 5 bytes [48, B8, D8, B1, 39] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 3 bytes [48, B8, 8C] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 4 00000000776aebd4 1 byte [39] .text ... * 2 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 6 bytes [48, B8, 6C, BF, 39, 00] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x39c454; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, E8, C3, 39, 00, 00, 00, ...] .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x39d760; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x39c4d4; JMP RAX} .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\dllhost.exe[1136] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 5 bytes [48, B8, 28, 1F, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 5 bytes [48, B8, D0, 1D, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 5 bytes [48, B8, E4, 18, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 5 bytes [48, B8, 58, 16, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 5 bytes [48, B8, E4, 1A, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 5 bytes [48, B8, A8, 0F, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 5 bytes [48, B8, 84, 0E, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 5 bytes [48, B8, 14, 15, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 5 bytes [48, B8, 94, 1F, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 5 bytes [48, B8, 80, 16, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 5 bytes [48, B8, 5C, 0E, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 5 bytes [48, B8, B4, 1C, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 5 bytes [48, B8, D0, 0F, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 5 bytes [48, B8, 14, 11, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 5 bytes [48, B8, 44, 17, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 5 bytes [48, B8, 84, 12, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 5 bytes [48, B8, D0, 13, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 5 bytes [48, B8, 28, 1A, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 5 bytes [48, B8, 28, 1F, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 5 bytes [48, B8, 60, 1F, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 5 bytes [48, B8, EC, 10, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 5 bytes [48, B8, 5C, 12, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 5 bytes [48, B8, A8, 13, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 5 bytes [48, B8, 38, 0E, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 5 bytes [48, B8, EC, 14, 41] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 6 bytes [48, B8, CC, 1B, 41, 00] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x4120b4; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, 48, 20, 41, 00, 00, 00, ...] .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x4133c0; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x412134; JMP RAX} .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\cmd.exe[3924] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 6 bytes [48, B8, E8, 0D, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 6 bytes [48, B8, 90, 0C, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 6 bytes [48, B8, A4, 07, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 6 bytes [48, B8, 18, 05, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 6 bytes [48, B8, A4, 09, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 6 bytes [48, B8, 68, FE, D9, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 6 bytes [48, B8, 44, FD, D9, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 6 bytes [48, B8, D4, 03, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 6 bytes [48, B8, 54, 0E, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 6 bytes [48, B8, 40, 05, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 6 bytes [48, B8, 1C, FD, D9, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 6 bytes [48, B8, 74, 0B, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 6 bytes [48, B8, 90, FE, D9, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 6 bytes [48, B8, D4, FF, D9, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 6 bytes [48, B8, 04, 06, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 6 bytes [48, B8, 44, 01, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 6 bytes [48, B8, 90, 02, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 6 bytes [48, B8, E8, 08, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 6 bytes [48, B8, E8, 0D, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 6 bytes [48, B8, 20, 0E, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 6 bytes [48, B8, AC, FF, D9, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 6 bytes [48, B8, 1C, 01, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 6 bytes [48, B8, 68, 02, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 6 bytes [48, B8, F8, FC, D9, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 6 bytes [48, B8, AC, 03, DA, 01] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 5 bytes [48, B8, 8C, 0A, DA] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x1da0f74; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, 08, 0F, DA, 01, 00, 00, ...] .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x1da2280; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x1da0ff4; JMP RAX} .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\conhost.exe[5400] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 6 bytes [48, B8, 08, B5, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 6 bytes [48, B8, B0, B3, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 6 bytes [48, B8, C4, AE, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 6 bytes [48, B8, 38, AC, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 6 bytes [48, B8, C4, B0, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 6 bytes [48, B8, 88, A5, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 6 bytes [48, B8, 64, A4, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 6 bytes [48, B8, F4, AA, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 6 bytes [48, B8, 74, B5, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 6 bytes [48, B8, 60, AC, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 6 bytes [48, B8, 3C, A4, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 6 bytes [48, B8, 94, B2, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 6 bytes [48, B8, B0, A5, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 6 bytes [48, B8, F4, A6, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 6 bytes [48, B8, 24, AD, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 6 bytes [48, B8, 64, A8, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 6 bytes [48, B8, B0, A9, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 6 bytes [48, B8, 08, B0, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 6 bytes [48, B8, 08, B5, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 6 bytes [48, B8, 40, B5, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 6 bytes [48, B8, CC, A6, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 6 bytes [48, B8, 3C, A8, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 6 bytes [48, B8, 88, A9, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 6 bytes [48, B8, 18, A4, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 6 bytes [48, B8, CC, AA, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 6 bytes [48, B8, AC, B1, 27, 02] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x227b694; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, 28, B6, 27, 02, 00, 00, ...] .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x227c9a0; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x227b714; JMP RAX} .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\PresentationHost.exe[8860] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 5 bytes [48, B8, C8, EC, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 5 bytes [48, B8, 70, EB, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 5 bytes [48, B8, 84, E6, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 5 bytes [48, B8, F8, E3, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 5 bytes [48, B8, 84, E8, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 5 bytes [48, B8, 48, DD, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 5 bytes [48, B8, 24, DC, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 5 bytes [48, B8, B4, E2, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 5 bytes [48, B8, 34, ED, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 5 bytes [48, B8, 20, E4, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 5 bytes [48, B8, FC, DB, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 5 bytes [48, B8, 54, EA, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 5 bytes [48, B8, 70, DD, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 5 bytes [48, B8, B4, DE, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 5 bytes [48, B8, E4, E4, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 5 bytes [48, B8, 24, E0, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 5 bytes [48, B8, 70, E1, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 5 bytes [48, B8, C8, E7, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 5 bytes [48, B8, C8, EC, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 5 bytes [48, B8, 00, ED, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 5 bytes [48, B8, 8C, DE, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 5 bytes [48, B8, FC, DF, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 5 bytes [48, B8, 48, E1, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 5 bytes [48, B8, D8, DB, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 5 bytes [48, B8, 8C, E2, 28] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 6 bytes [48, B8, 6C, E9, 28, 00] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x28ee54; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, E8, ED, 28, 00, 00, 00, ...] .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\SspiCli.dll!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x290160; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\SspiCli.dll!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x28eed4; JMP RAX} .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\msiexec.exe[6448] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 6 bytes [48, B8, 68, 4C, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 6 bytes [48, B8, 10, 4B, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 6 bytes [48, B8, 24, 46, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 6 bytes [48, B8, 98, 43, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 6 bytes [48, B8, 24, 48, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 6 bytes [48, B8, E8, 3C, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 6 bytes [48, B8, C4, 3B, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 6 bytes [48, B8, 54, 42, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 6 bytes [48, B8, D4, 4C, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 6 bytes [48, B8, C0, 43, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 6 bytes [48, B8, 9C, 3B, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 6 bytes [48, B8, F4, 49, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 6 bytes [48, B8, 10, 3D, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 6 bytes [48, B8, 54, 3E, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 6 bytes [48, B8, 84, 44, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 6 bytes [48, B8, C4, 3F, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 6 bytes [48, B8, 10, 41, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 6 bytes [48, B8, 68, 47, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 6 bytes [48, B8, 68, 4C, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 6 bytes [48, B8, A0, 4C, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 6 bytes [48, B8, 2C, 3E, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 6 bytes [48, B8, 9C, 3F, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 6 bytes [48, B8, E8, 40, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 6 bytes [48, B8, 78, 3B, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 6 bytes [48, B8, 2C, 42, ED, 01] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 5 bytes [48, B8, 0C, 49, ED] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x1ed4df4; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, 88, 4D, ED, 01, 00, 00, ...] .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x1ed6100; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x1ed4e74; JMP RAX} .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\conhost.exe[3140] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 6 bytes [48, B8, 08, 49, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 6 bytes [48, B8, B0, 47, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 6 bytes [48, B8, C4, 42, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 6 bytes [48, B8, 38, 40, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 6 bytes [48, B8, C4, 44, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 6 bytes [48, B8, 88, 39, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 6 bytes [48, B8, 64, 38, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 6 bytes [48, B8, F4, 3E, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 6 bytes [48, B8, 74, 49, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 6 bytes [48, B8, 60, 40, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 6 bytes [48, B8, 3C, 38, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 6 bytes [48, B8, 94, 46, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 6 bytes [48, B8, B0, 39, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 6 bytes [48, B8, F4, 3A, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 6 bytes [48, B8, 24, 41, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 6 bytes [48, B8, 64, 3C, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 6 bytes [48, B8, B0, 3D, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 6 bytes [48, B8, 08, 44, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 6 bytes [48, B8, 08, 49, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 6 bytes [48, B8, 40, 49, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 6 bytes [48, B8, CC, 3A, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 6 bytes [48, B8, 3C, 3C, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 6 bytes [48, B8, 88, 3D, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 6 bytes [48, B8, 18, 38, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 6 bytes [48, B8, CC, 3E, CB, 01] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 5 bytes [48, B8, AC, 45, CB] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x1cb4a94; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, 28, 4A, CB, 01, 00, 00, ...] .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x1cb5da0; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x1cb4b14; JMP RAX} .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\dllhost.exe[6112] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 5 bytes [48, B8, C8, 33, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 5 bytes [48, B8, 70, 32, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 5 bytes [48, B8, 84, 2D, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 5 bytes [48, B8, F8, 2A, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 5 bytes [48, B8, 84, 2F, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 5 bytes [48, B8, 48, 24, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 5 bytes [48, B8, 24, 23, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 5 bytes [48, B8, B4, 29, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 5 bytes [48, B8, 34, 34, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 5 bytes [48, B8, 20, 2B, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 5 bytes [48, B8, FC, 22, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 5 bytes [48, B8, 54, 31, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 5 bytes [48, B8, 70, 24, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 5 bytes [48, B8, B4, 25, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 5 bytes [48, B8, E4, 2B, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 5 bytes [48, B8, 24, 27, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 5 bytes [48, B8, 70, 28, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 5 bytes [48, B8, C8, 2E, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 5 bytes [48, B8, C8, 33, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 5 bytes [48, B8, 00, 34, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 5 bytes [48, B8, 8C, 25, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 5 bytes [48, B8, FC, 26, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 5 bytes [48, B8, 48, 28, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 5 bytes [48, B8, D8, 22, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 5 bytes [48, B8, 8C, 29, 40] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 6 bytes [48, B8, 6C, 30, 40, 00] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x403554; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, E8, 34, 40, 00, 00, 00, ...] .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x404860; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x4035d4; JMP RAX} .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\cmd.exe[6536] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 5 bytes [48, B8, 08, 64, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 5 bytes [48, B8, B0, 62, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 5 bytes [48, B8, C4, 5D, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 5 bytes [48, B8, 38, 5B, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 5 bytes [48, B8, C4, 5F, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 5 bytes [48, B8, 88, 54, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 5 bytes [48, B8, 64, 53, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 5 bytes [48, B8, F4, 59, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 5 bytes [48, B8, 74, 64, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 5 bytes [48, B8, 60, 5B, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 5 bytes [48, B8, 3C, 53, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 5 bytes [48, B8, 94, 61, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 5 bytes [48, B8, B0, 54, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 5 bytes [48, B8, F4, 55, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 5 bytes [48, B8, 24, 5C, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 5 bytes [48, B8, 64, 57, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 5 bytes [48, B8, B0, 58, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 5 bytes [48, B8, 08, 5F, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 5 bytes [48, B8, 08, 64, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 5 bytes [48, B8, 40, 64, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 5 bytes [48, B8, CC, 55, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 5 bytes [48, B8, 3C, 57, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 5 bytes [48, B8, 88, 58, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 5 bytes [48, B8, 18, 53, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 5 bytes [48, B8, CC, 59, 4A] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 6 bytes [48, B8, AC, 60, 4A, 00] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x4a6594; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, 28, 65, 4A, 00, 00, 00, ...] .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x4a78a0; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x4a6614; JMP RAX} .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\ctfmon.exe[3328] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 6 bytes [48, B8, C8, 14, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 6 bytes [48, B8, 70, 13, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 6 bytes [48, B8, 84, 0E, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 6 bytes [48, B8, F8, 0B, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 6 bytes [48, B8, 84, 10, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 6 bytes [48, B8, 48, 05, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 6 bytes [48, B8, 24, 04, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 6 bytes [48, B8, B4, 0A, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 6 bytes [48, B8, 34, 15, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 6 bytes [48, B8, 20, 0C, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 6 bytes [48, B8, FC, 03, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 6 bytes [48, B8, 54, 12, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 6 bytes [48, B8, 70, 05, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 6 bytes [48, B8, B4, 06, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 6 bytes [48, B8, E4, 0C, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 6 bytes [48, B8, 24, 08, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 6 bytes [48, B8, 70, 09, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 6 bytes [48, B8, C8, 0F, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 6 bytes [48, B8, C8, 14, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 6 bytes [48, B8, 00, 15, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 6 bytes [48, B8, 8C, 06, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 6 bytes [48, B8, FC, 07, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 6 bytes [48, B8, 48, 09, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 6 bytes [48, B8, D8, 03, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 6 bytes [48, B8, 8C, 0A, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 6 bytes [48, B8, 6C, 11, B6, 02] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x2b61654; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, E8, 15, B6, 02, 00, 00, ...] .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\WINMM.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\WINMM.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x2b62960; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x2b616d4; JMP RAX} .text C:\Windows\system32\msdtc.exe[1204] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 5 bytes [48, B8, A8, E7, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 5 bytes [48, B8, 50, E6, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 5 bytes [48, B8, 64, E1, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 5 bytes [48, B8, D8, DE, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 5 bytes [48, B8, 64, E3, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 5 bytes [48, B8, 28, D8, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 5 bytes [48, B8, 04, D7, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 5 bytes [48, B8, 94, DD, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 5 bytes [48, B8, 14, E8, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 5 bytes [48, B8, 00, DF, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 5 bytes [48, B8, DC, D6, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 5 bytes [48, B8, 34, E5, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 5 bytes [48, B8, 50, D8, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 5 bytes [48, B8, 94, D9, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 5 bytes [48, B8, C4, DF, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 5 bytes [48, B8, 04, DB, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 5 bytes [48, B8, 50, DC, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 5 bytes [48, B8, A8, E2, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 5 bytes [48, B8, A8, E7, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 5 bytes [48, B8, E0, E7, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 5 bytes [48, B8, 6C, D9, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 5 bytes [48, B8, DC, DA, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 5 bytes [48, B8, 28, DC, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 5 bytes [48, B8, B8, D6, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 5 bytes [48, B8, 6C, DD, 53] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 6 bytes [48, B8, 4C, E4, 53, 00] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x53e934; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, C8, E8, 53, 00, 00, 00, ...] .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\SspiCli.dll!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x53fc40; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\SspiCli.dll!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x53e9b4; JMP RAX} .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\winmm.dll!PlaySoundW 000007fefa012144 5 bytes JMP 000007fffa000f93 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefa0138d0 5 bytes JMP 000007fffa000f53 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\winmm.dll!PlaySound 000007fefa032f10 5 bytes JMP 000007fffa000fd9 .text C:\Windows\system32\msiexec.exe[7104] C:\Windows\system32\mlang.dll!LcidToRfc1766W 000007feeee11744 5 bytes JMP 000007ffeee00fd3 .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776adcd0 6 bytes [48, B8, 28, F5, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000776adcd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776add80 6 bytes [48, B8, D0, F3, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 00000000776add88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776adee0 6 bytes [48, B8, E4, EE, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000776adee8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776adf20 6 bytes [48, B8, 58, EC, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 00000000776adf28 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000776adf80 6 bytes [48, B8, E4, F0, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000776adf88 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776adfb0 6 bytes [48, B8, A8, E5, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 8 00000000776adfb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776ae030 6 bytes [48, B8, 84, E4, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 00000000776ae038 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776ae050 6 bytes [48, B8, 14, EB, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 00000000776ae058 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776ae090 6 bytes [48, B8, 94, F5, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000776ae098 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776ae100 6 bytes [48, B8, 80, EC, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000776ae108 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 00000000776ae130 6 bytes [48, B8, 5C, E4, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 8 00000000776ae138 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776ae520 6 bytes [48, B8, B4, F2, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion + 8 00000000776ae528 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent 00000000776ae560 6 bytes [48, B8, D0, E5, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKeyedEvent + 8 00000000776ae568 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776ae580 6 bytes [48, B8, 14, E7, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 00000000776ae588 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 00000000776ae590 6 bytes [48, B8, 44, ED, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile + 8 00000000776ae598 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776ae610 6 bytes [48, B8, 84, E8, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 8 00000000776ae618 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776ae640 6 bytes [48, B8, D0, E9, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 8 00000000776ae648 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 00000000776ae700 6 bytes [48, B8, 28, F0, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 8 00000000776ae708 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776aeae0 6 bytes [48, B8, 28, F5, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 8 00000000776aeae8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776aeb00 6 bytes [48, B8, 60, F5, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyEx + 8 00000000776aeb08 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent 00000000776aeb30 6 bytes [48, B8, EC, E6, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKeyedEvent + 8 00000000776aeb38 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776aeb40 6 bytes [48, B8, 5C, E8, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant + 8 00000000776aeb48 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776aeb90 6 bytes [48, B8, A8, E9, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore + 8 00000000776aeb98 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject 00000000776aebb0 6 bytes [48, B8, 38, E4, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSymbolicLinkObject + 8 00000000776aebb8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776aebd0 6 bytes [48, B8, EC, EA, F9, 01] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer + 8 00000000776aebd8 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000776aed10 5 bytes [48, B8, CC, F1, F9] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000776aed18 4 bytes {ADD [RAX], AL; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\kernel32.dll!CompareStringA 00000000775507a0 5 bytes JMP 0000000177430d96 .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\kernel32.dll!CreateThread 0000000077555a20 5 bytes JMP 0000000177430d57 .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007755dbc0 12 bytes {MOV RAX, 0x1f9f6b4; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\kernel32.dll!CreateProcessW + 1 0000000077560661 8 bytes [B8, 48, F6, F9, 01, 00, 00, ...] .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\kernel32.dll!CreateProcessW + 10 000000007756066a 2 bytes {JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 000007fefe1db230 5 bytes JMP 000007fefe410f0e .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 000007fefe1f5f68 5 bytes JMP 000007fefe410f53 .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe9d74a0 5 bytes JMP 000007fffe410fd9 .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\OLEAUT32.dll!SysAllocString 000007fefe0734a0 5 bytes JMP 000007fefe410ed5 .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdc123c0 5 bytes JMP 000007fefe410e93 .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdc1c090 5 bytes JMP 000007fefe410e53 .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 000007fefe5f47f0 5 bytes JMP 000007fffe410f93 .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\SSPICLI.DLL!FreeCredentialsHandle 000007fefd1e1d90 12 bytes {MOV RAX, 0x1fa09c0; JMP RAX} .text C:\Windows\system32\cmd.exe[7556] C:\Windows\system32\SSPICLI.DLL!AcquireCredentialsHandleA 000007fefd1f5444 12 bytes {MOV RAX, 0x1f9f734; JMP RAX} .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000742c451e 5 bytes JMP 000000011000ab40 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000742c4b6d 5 bytes JMP 000000011000abb0 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000742c4bf2 5 bytes JMP 000000011000ac90 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000742c4f0f 5 bytes JMP 000000011000ac50 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000742c4f7b 5 bytes JMP 000000011000ac10 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000742c9054 5 bytes JMP 000000011000ad10 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000742cadf9 5 bytes JMP 000000011000abe0 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000742e52e8 5 bytes JMP 000000011000acd0 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000742e535f 5 bytes JMP 000000011000acf0 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000742e59cc 5 bytes JMP 000000011000ae40 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000742e5a6a 5 bytes JMP 000000011000aec0 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000742e5ad7 5 bytes JMP 000000011000af00 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000742e5b5b 5 bytes JMP 000000011000af40 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000742e5bba 5 bytes JMP 000000011000af80 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000742e5bee 5 bytes JMP 000000011000b000 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000742e5c22 5 bytes JMP 000000011000b060 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000742e5c67 5 bytes JMP 000000011000b0d0 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073f97e3d 5 bytes JMP 000000011000a690 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000073fcde69 5 bytes JMP 000000011000a770 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 0000000073fdd2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 0000000073fdd371 5 bytes JMP 000000011000a990 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 0000000073fdd429 5 bytes JMP 000000011000aa80 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000771e9d0b 5 bytes JMP 000000011000a4d0 .text C:\Users\Primol\Desktop\gmer.exe[7820] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000771e9d4e 5 bytes JMP 000000011000a630 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fee64d741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fee64d5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fee64d5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fee64d5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fee64d7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fee64d6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fee64d6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fee64d7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fee64d7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fee64d78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fee64d4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fee64d5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3128] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fee64d7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7fef1fbbcb0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fef1fbd12c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fef1fbab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fef1fbab04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fef1fba890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7fef1fbaa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINHTTP.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINHTTP.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\webio.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\webio.dll[KERNEL32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!SetFileAttributesA] [7fef1fbab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CopyFileA] [7fef1fba120] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\version.DLL[KERNEL32.dll!_lcreat] [7fef1fba9a0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\version.DLL[KERNEL32.dll!_lopen] [7fef1fba924] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\version.DLL[KERNEL32.dll!_lwrite] [7fef1fbaa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\version.DLL[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\version.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\version.DLL[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\version.DLL[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\secur32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\OLEACC.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\winmm.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\winmm.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\winmm.dll[KERNEL32.dll!_lwrite] [7fef1fbaa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\winmm.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\winmm.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\mlang.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\mlang.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegDeleteValueA] [7fef1fbbb44] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTML.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTML.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTML.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTML.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetVersionExA] [7feef0f3764] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7fef1fbb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DWrite.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DWrite.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\dxgi.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\dxgi.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\dxgi.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\dxgi.dll[ADVAPI32.dll!RegCreateKeyExA] [7fef1fbb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\dxgi.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\d3d11.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\d3d11.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\d3d11.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\jscript9.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\jscript9.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MFPlat.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MFPlat.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MFPlat.DLL[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MFPlat.DLL[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MFPlat.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MFPlat.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTMLMedia.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTMLMedia.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTMLMedia.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSHTMLMedia.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[KERNEL32.dll!CopyFileExW] [7fef1fba260] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegCreateKeyExA] [7fef1fbb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ATL.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ATL.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\D3D10Level9.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\D3D10Level9.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DSOUND.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DSOUND.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegCreateKeyW] [7fef1fbb318] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegCreateKeyA] [7fef1fbb23c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DINPUT8.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DINPUT8.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DINPUT8.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DINPUT8.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DINPUT8.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DINPUT8.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DINPUT8.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\DINPUT8.dll[ADVAPI32.dll!RegCreateKeyW] [7fef1fbb318] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\mscms.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\mscms.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\mscms.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\mscms.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msv1_0.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msv1_0.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msv1_0.DLL[KERNEL32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\msv1_0.DLL[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\cryptdll.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\wdigest.DLL[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!OpenFile] [7fef1fba890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!MoveFileExA] [7fef1fba778] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!RegCreateKeyExA] [7fef1fbb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!RegDeleteValueA] [7fef1fbbb44] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\GPAPI.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!SetFileAttributesA] [7fef1fbab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!MoveFileA] [7fef1fba648] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\MMDevApi.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\MMDevApi.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\colorcnv.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\colorcnv.dll[ADVAPI32.dll!RegCreateKeyW] [7fef1fbb318] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\colorcnv.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\colorcnv.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\colorcnv.dll[ADVAPI32.dll!RegSetValueA] [7fef1fbb864] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\msdmo.dll[ADVAPI32.dll!RegSetValueW] [7fef1fbb974] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\msdmo.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\msdmo.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\msdmo.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\devenum.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\devenum.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\devenum.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\devenum.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\devenum.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\msmpeg2vdec.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\msmpeg2vdec.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\msmpeg2vdec.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\msmpeg2vdec.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\msmpeg2vdec.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\msmpeg2vdec.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\EVR.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegCreateKeyW] [7fef1fbb318] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegSetValueW] [7fef1fbb974] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegCreateKeyExA] [7fef1fbb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\wdmaud.drv[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\AUDIOSES.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\AUDIOSES.DLL[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\AUDIOSES.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\AUDIOSES.DLL[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\AUDIOSES.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\d3d9.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\system32\d3d9.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6448] @ C:\Windows\System32\UIAnimation.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7fef1fbbcb0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fef1fbd12c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fef1fbab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fef1fbab04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fef1fba890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7fef1fbaa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINHTTP.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINHTTP.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\webio.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\webio.dll[KERNEL32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!SetFileAttributesA] [7fef1fbab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CopyFileA] [7fef1fba120] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\version.DLL[KERNEL32.dll!_lcreat] [7fef1fba9a0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\version.DLL[KERNEL32.dll!_lopen] [7fef1fba924] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\version.DLL[KERNEL32.dll!_lwrite] [7fef1fbaa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\version.DLL[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\version.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\version.DLL[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\version.DLL[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\secur32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\OLEACC.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\winmm.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\winmm.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\winmm.dll[KERNEL32.dll!_lwrite] [7fef1fbaa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\winmm.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\winmm.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mlang.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mlang.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegDeleteValueA] [7fef1fbbb44] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTML.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTML.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTML.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTML.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetVersionExA] [7feef0f3764] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7fef1fbb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DWrite.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DWrite.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\dxgi.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\dxgi.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\dxgi.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\dxgi.dll[ADVAPI32.dll!RegCreateKeyExA] [7fef1fbb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\dxgi.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\d3d11.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\d3d11.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\d3d11.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\jscript9.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\jscript9.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MFPlat.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MFPlat.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MFPlat.DLL[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MFPlat.DLL[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MFPlat.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MFPlat.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTMLMedia.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTMLMedia.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTMLMedia.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTMLMedia.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSHTMLMedia.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[KERNEL32.dll!CopyFileExW] [7fef1fba260] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegCreateKeyExA] [7fef1fbb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MF.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ATL.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ATL.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\D3D10Level9.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\D3D10Level9.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DSOUND.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DSOUND.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegCreateKeyW] [7fef1fbb318] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegCreateKeyA] [7fef1fbb23c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DSOUND.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DINPUT8.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DINPUT8.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DINPUT8.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DINPUT8.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DINPUT8.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DINPUT8.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DINPUT8.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\DINPUT8.dll[ADVAPI32.dll!RegCreateKeyW] [7fef1fbb318] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mscms.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mscms.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mscms.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mscms.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\GPAPI.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!OpenFile] [7fef1fba890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!MoveFileExA] [7fef1fba778] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!RegCreateKeyExA] [7fef1fbb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!RegDeleteValueA] [7fef1fbbb44] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\T2EMBED.DLL[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msv1_0.DLL[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msv1_0.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msv1_0.DLL[KERNEL32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\msv1_0.DLL[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\cryptdll.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\wdigest.DLL[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!SetFileAttributesA] [7fef1fbab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!MoveFileA] [7fef1fba648] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!DeleteFileA] [7fef1fba580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\MSVCR100.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\MMDevApi.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\MMDevApi.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\colorcnv.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\colorcnv.dll[ADVAPI32.dll!RegCreateKeyW] [7fef1fbb318] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\colorcnv.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\colorcnv.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\colorcnv.dll[ADVAPI32.dll!RegSetValueA] [7fef1fbb864] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\msdmo.dll[ADVAPI32.dll!RegSetValueW] [7fef1fbb974] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\msdmo.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\msdmo.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\msdmo.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\devenum.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\devenum.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\devenum.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\devenum.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\devenum.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\msmpeg2vdec.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\msmpeg2vdec.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\msmpeg2vdec.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\msmpeg2vdec.dll[ADVAPI32.dll!RegOpenKeyExA] [7fef1fbb60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\msmpeg2vdec.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\msmpeg2vdec.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\EVR.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegSetValueExA] [7fef1fbba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegCreateKeyW] [7fef1fbb318] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegSetValueW] [7fef1fbb974] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\EVR.dll[ADVAPI32.dll!RegCreateKeyExA] [7fef1fbb3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Users\Primol\AppData\Roaming\Copy\overlay\MSVCP110.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Users\Primol\AppData\Roaming\Copy\overlay\MSVCP110.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Users\Primol\AppData\Roaming\Copy\overlay\MSVCR110.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Users\Primol\AppData\Roaming\Copy\overlay\MSVCR110.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Users\Primol\AppData\Roaming\Copy\overlay\MSVCR110.dll[KERNEL32.dll!MoveFileExW] [7fef1fba804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Users\Primol\AppData\Roaming\Copy\overlay\MSVCR110.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Users\Primol\AppData\Roaming\Copy\overlay\MSVCR110.dll[KERNEL32.dll!GetVersionExW] [7feef0f3860] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Users\Primol\AppData\Roaming\Copy\overlay\MSVCR110.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_2b28839e71e973ae\gdiplus.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_2b28839e71e973ae\gdiplus.dll[KERNEL32.dll!CreateFileA] [7fef1fba2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18852_none_2b28839e71e973ae\gdiplus.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mfc100u.dll[KERNEL32.dll!CopyFileW] [7fef1fba184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mfc100u.dll[KERNEL32.dll!SetFileAttributesW] [7fef1fbabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mfc100u.dll[KERNEL32.dll!MoveFileW] [7fef1fba6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mfc100u.dll[KERNEL32.dll!CreateFileW] [7fef1fba42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mfc100u.dll[KERNEL32.dll!DeleteFileW] [7fef1fba5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\mfc100u.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\EhStorShell.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\EhStorShell.dll[ADVAPI32.dll!RegSetValueExW] [7fef1fbbaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\EhStorShell.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef1fbb6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\EhStorShell.dll[ADVAPI32.dll!RegDeleteValueW] [7fef1fbbbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\system32\EhStorShell.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef1fbb4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\cscui.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[7104] @ C:\Windows\System32\CSCDLL.dll[KERNEL32.dll!GetProcAddress] [7fefd214230] C:\Windows\system32\apphelp.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\Explorer.EXE [1500:1912] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:1920] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:1924] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:1928] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:1932] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:1936] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:1956] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:1960] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:3040] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:3044] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:3048] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:3052] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:3056] 0000000002929300 Thread C:\Windows\Explorer.EXE [1500:3060] 0000000002929300 Thread C:\Windows\system32\taskhost.exe [1940:1964] 00000000003cce60 Thread C:\Windows\system32\taskhost.exe [1940:1968] 00000000003cce60 Thread C:\Windows\system32\GWX\GWX.exe [2000:536] 000000007767a7b0 Thread C:\Windows\system32\GWX\GWX.exe [2000:1096] 000000007767f480 Thread C:\Windows\system32\GWX\GWX.exe [2000:3676] 000000007767f480 Thread C:\Windows\SysWOW64\ntdll.dll [4528:4532] 0000000000402e7b Thread C:\Windows\SysWOW64\ntdll.dll [4528:4624] 000000006f13c690 Thread C:\Windows\SysWOW64\ntdll.dll [4528:4928] 000000006f134590 Thread C:\Windows\SysWOW64\ntdll.dll [4528:5904] 000000006f1342a0 Thread C:\Windows\SysWOW64\ntdll.dll [4528:7960] 00000000742ca3e0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2508:7864] 000007fefb4b2bf8 Thread C:\Windows\system32\msiexec.exe [5428:2720] 00000000003040e0 Thread C:\Windows\system32\msiexec.exe [5428:6200] 0000000000060838 Thread C:\Windows\system32\msiexec.exe [5428:3636] 00000000000639ec Thread C:\Windows\system32\ctfmon.exe [8816:6352] 0000000001c90880 Thread C:\Windows\system32\ctfmon.exe [8816:7240] 000000000006f278 Thread C:\Windows\system32\ctfmon.exe [8816:2052] 000000000007242c Thread C:\Windows\system32\conhost.exe [9056:3644] 0000000001f85560 Thread C:\Windows\system32\conhost.exe [9056:5472] 00000000000cedb8 Thread C:\Windows\system32\conhost.exe [9056:3224] 00000000000d1f6c Thread C:\Windows\system32\dllhost.exe [1136:6520] 00000000003a0280 Thread C:\Windows\system32\dllhost.exe [1136:5812] 00000000000bf438 Thread C:\Windows\system32\dllhost.exe [1136:4252] 00000000000c25ec Thread C:\Windows\system32\cmd.exe [3924:8356] 0000000000415ee0 Thread C:\Windows\system32\cmd.exe [3924:3684] 00000000000d0278 Thread C:\Windows\system32\cmd.exe [3924:8256] 00000000000d342c Thread C:\Windows\system32\conhost.exe [5400:7956] 0000000001da4da0 Thread C:\Windows\system32\conhost.exe [5400:5888] 00000000000cfaf8 Thread C:\Windows\system32\conhost.exe [5400:2160] 00000000000d2cac Thread C:\Windows\system32\PresentationHost.exe [8860:2504] 000000000227f4c0 Thread C:\Windows\system32\PresentationHost.exe [8860:8632] 00000000000cfeb8 Thread C:\Windows\system32\PresentationHost.exe [8860:2684] 00000000000d306c Thread C:\Windows\system32\msiexec.exe [6448:3744] 0000000000292c80 Thread C:\Windows\system32\msiexec.exe [6448:5076] 00000000000ffc78 Thread C:\Windows\system32\msiexec.exe [6448:3700] 0000000000102e2c Thread C:\Windows\system32\conhost.exe [3140:1132] 0000000001ed8c20 Thread C:\Windows\system32\conhost.exe [3140:4800] 00000000000cf338 Thread C:\Windows\system32\conhost.exe [3140:3688] 00000000000d24ec Thread C:\Windows\system32\dllhost.exe [6112:832] 0000000001cb88c0 Thread C:\Windows\system32\dllhost.exe [6112:2308] 00000000000bf7f8 Thread C:\Windows\system32\dllhost.exe [6112:6900] 00000000000c29ac Thread C:\Windows\system32\cmd.exe [6536:5484] 0000000000407380 Thread C:\Windows\system32\cmd.exe [6536:7348] 0000000000110838 Thread C:\Windows\system32\cmd.exe [6536:8272] 00000000001139ec Thread C:\Windows\system32\ctfmon.exe [3328:6096] 00000000004aa3c0 Thread C:\Windows\system32\ctfmon.exe [3328:2972] 00000000000706f8 Thread C:\Windows\system32\ctfmon.exe [3328:8708] 00000000000738ac Thread C:\Windows\system32\msdtc.exe [1204:3532] 0000000002b65480 Thread C:\Windows\system32\msdtc.exe [1204:3592] 00000000000cef38 Thread C:\Windows\system32\msdtc.exe [1204:944] 00000000000d20ec Thread C:\Windows\system32\msiexec.exe [7104:8688] 0000000000542760 Thread C:\Windows\system32\msiexec.exe [7104:7044] 000000000010fbf8 Thread C:\Windows\system32\msiexec.exe [7104:3848] 0000000000112dac Thread C:\Windows\system32\cmd.exe [7556:4064] 0000000001fa34e0 Thread C:\Windows\system32\cmd.exe [7556:6260] 00000000000cfcf8 ---- Processes - GMER 2.1 ---- Library C:\Users\Primol\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1500] (Copy Shell Extensions/Barracuda Networks, Inc.)(2013-05-21 21:25:58) 000007fef5410000 Process C:\ProgramData\aspnet_regsql.exe (*** suspicious ***) @ C:\ProgramData\aspnet_regsql.exe [1328](2015-11-06 21:24:05) 0000000000400000 Library C:\Users\Primol\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Windows\system32\ctfmon.exe [8816] (Copy Shell Extensions/Barracuda Networks, Inc.)(2013-05-21 21:25:58) 000007fef5410000 Library C:\Users\Primol\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Windows\system32\PresentationHost.exe [8860] (Copy Shell Extensions/Barracuda Networks, Inc.)(2013-05-21 21:25:58) 000007fef5410000 Library C:\Users\Primol\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Windows\system32\msiexec.exe [7104] (Copy Shell Extensions/Barracuda Networks, Inc.)(2013-05-21 21:25:58) 000007fef5410000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{32B080A1-C464-48BB-8C03-D570F54D5A14}@LeaseObtainedTime 1447701263 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{32B080A1-C464-48BB-8C03-D570F54D5A14}@T1 1447701390 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{32B080A1-C464-48BB-8C03-D570F54D5A14}@T2 1447701486 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{32B080A1-C464-48BB-8C03-D570F54D5A14}@LeaseTerminatesTime 1447701518 ---- EOF - GMER 2.1 ----